Last Modified: May 9, 2023
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
Tweets last week: 0
Remaining steady
Yahoo results: 0
Remaining steady
Current EPSS Score: 0.00045
Remaining steady
Reddit Posts: 0
Remaining steady
Github Repos: 0
Remaining steady
Found exploits:
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Base Score: 4.7
Exploitability Score:
1.0
Impact Score: 3.6
CVSS V3: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-476
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* Part: o Vendor: linux | Alle Schwachstellen für linux | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* Part: o Vendor: linux | Alle Schwachstellen für linux | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* Part: o Vendor: linux | Alle Schwachstellen für linux | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:* Part: o Vendor: linux | Alle Schwachstellen für linux | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* Part: o Vendor: linux | Alle Schwachstellen für linux | |
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* Part: o Vendor: debian | Alle Schwachstellen für debian | |
Reference:
added:
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Reference:
added:
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
CWE-ID:
Not defined
Base Score V3:
Not defined
Exploitability Score V3:
Not defined
Impact Score V3:
Not defined
Cvss Vector V3:
Not defined
Configuration:
added:
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<set operator="or">
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"/>
</set>
<set operator="or">
<prop key="operating_system" value="cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"/>
</set>
</set>
</set>
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<set operator="or">
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*"/>
<prop key="operating_system" value="cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"/>
</set>
<set operator="or">
<prop key="operating_system" value="cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"/>
</set>
</set>
<prop key="program_influence" value="input"/>
</set>