CVE-2023-0458

MEDIUM

Linux Kernel < 6.1.8 - NULL Pointer Dereference

Title source: rule

Description

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11

References (4)

Core 4

Core References

Patch

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7

Patch

https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11

View Patch ZIP pw:eip

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Scores

CVSS v3 5.3

EPSS 0.0008

EPSS Percentile 24.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (3)

debian/debian_linux 10.0

linux/linux_kernel 6.2 rc1 (4 CPE variants)

linux/linux_kernel < 6.1.8

Published Apr 26, 2023

Tracked Since Feb 18, 2026