CVE-2023-0597

low-risk

Published 2023-02-23

A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

http://www.openwall.com/lists/oss-security/2023/07/28/1

Mailing List https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80

http://www.openwall.com/lists/oss-security/2023/07/28/1

Mailing List https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80

https://www.openwall.com/lists/oss-security/2023/07/28/1

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal