Description
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
References (6)
Core References
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230511-0007/
Mailing List
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
Mailing List
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Scores
CVSS v3
6.5
EPSS
0.0001
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (2)
linux/linux_kernel
6.3 rc1 (2 CPE variants)
linux/linux_kernel
< 6.2.8
Published
Apr 10, 2023
Tracked Since
Feb 18, 2026