CVE-2023-1637
MEDIUMLinux Kernel - Information Exposure via Suspend-to-RAM Resume
Title source: llmDescription
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.
References (2)
Core 2
Core References
Mailing List, Patch
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463
Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=27398
Scores
CVSS v3
5.5
EPSS
0.0022
EPSS Percentile
12.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-212
CWE-226
Status
published
Products (1)
linux/linux_kernel
5.18 rc2
Published
Mar 27, 2023
Tracked Since
Feb 18, 2026