Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load might leak data from a privileged load via a cache side channel. The issue only exists for loads within a translation regime with the same translation (e.g. same ASID and VMID). Therefore, the issue only affects the return to EL0. The workaround is to execute a TLBI before returning to EL0 after all loads of privileged data. A non-shareable TLBI to any address is sufficient. The workaround isn't necessary if page table isolation (KPTI) is enabled, but for simplicity it will be. Page table isolation should normally be disabled for Cortex-A520 as it supports the CSV3 feature and the E0PD feature (used when KASLR is enabled).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 6.1.57 |
References
- https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25Patch
- https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513Patch
- https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372cPatch
- https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25Patch
- https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513Patch
- https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372cPatch
FAQ
What is CVE-2023-52481?
CVE-2023-52481 is a vulnerability with a CVSS score of 4.7 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Implement the workaround for ARM Cortex-A520 erratum 29662...
How severe is CVE-2023-52481?
CVE-2023-52481 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-52481?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.