CVE-2023-1637

MEDIUM

Linux Kernel - Info Disclosure

Title source: llm

Description

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.

References (2)

[Mailing List, Patch] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463

[Issue Tracking] https://sourceware.org/bugzilla/show_bug.cgi?id=27398

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-212 CWE-226

Status published

Products (1)

linux/linux_kernel 5.18 rc2

Published Mar 27, 2023

Tracked Since Feb 18, 2026