cve-2023-52481
Vulnerability from cvelistv5
Published
2024-02-29 05:43
Modified
2024-08-02 23:03
Severity
Summary
arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
References
SourceURLTags
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c
Impacted products
VendorProduct
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52481",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-29T20:42:26.894938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:41.485Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:19.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "Documentation/arch/arm64/silicon-errata.rst",
            "arch/arm64/Kconfig",
            "arch/arm64/kernel/cpu_errata.c",
            "arch/arm64/kernel/entry.S",
            "arch/arm64/tools/cpucaps"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6e3ae2927b43",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "32b0a4ffcaea",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "471470bc7052",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "Documentation/arch/arm64/silicon-errata.rst",
            "arch/arm64/Kconfig",
            "arch/arm64/kernel/cpu_errata.c",
            "arch/arm64/kernel/entry.S",
            "arch/arm64/tools/cpucaps"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.57",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.7",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add Cortex-A520 speculative unprivileged load workaround\n\nImplement the workaround for ARM Cortex-A520 erratum 2966298. On an\naffected Cortex-A520 core, a speculatively executed unprivileged load\nmight leak data from a privileged load via a cache side channel. The\nissue only exists for loads within a translation regime with the same\ntranslation (e.g. same ASID and VMID). Therefore, the issue only affects\nthe return to EL0.\n\nThe workaround is to execute a TLBI before returning to EL0 after all\nloads of privileged data. A non-shareable TLBI to any address is\nsufficient.\n\nThe workaround isn\u0027t necessary if page table isolation (KPTI) is\nenabled, but for simplicity it will be. Page table isolation should\nnormally be disabled for Cortex-A520 as it supports the CSV3 feature\nand the E0PD feature (used when KASLR is enabled)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:12:37.012Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c"
        },
        {
          "url": "https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25"
        },
        {
          "url": "https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513"
        }
      ],
      "title": "arm64: errata: Add Cortex-A520 speculative unprivileged load workaround",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52481",
    "datePublished": "2024-02-29T05:43:12.630Z",
    "dateReserved": "2024-02-20T12:30:33.301Z",
    "dateUpdated": "2024-08-02T23:03:19.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52481\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-29T06:15:46.060\",\"lastModified\":\"2024-02-29T13:49:29.390\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\narm64: errata: Add Cortex-A520 speculative unprivileged load workaround\\n\\nImplement the workaround for ARM Cortex-A520 erratum 2966298. On an\\naffected Cortex-A520 core, a speculatively executed unprivileged load\\nmight leak data from a privileged load via a cache side channel. The\\nissue only exists for loads within a translation regime with the same\\ntranslation (e.g. same ASID and VMID). Therefore, the issue only affects\\nthe return to EL0.\\n\\nThe workaround is to execute a TLBI before returning to EL0 after all\\nloads of privileged data. A non-shareable TLBI to any address is\\nsufficient.\\n\\nThe workaround isn\u0027t necessary if page table isolation (KPTI) is\\nenabled, but for simplicity it will be. Page table isolation should\\nnormally be disabled for Cortex-A520 as it supports the CSV3 feature\\nand the E0PD feature (used when KASLR is enabled).\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: errata: Agregar workaround de carga especulativa sin privilegios de Cortex-A520 Implementar la workaround para la errata 2966298 de ARM Cortex-A520. En un n\u00facleo Cortex-A520 afectado, una carga sin privilegios ejecutada especulativamente podr\u00eda filtrarse datos de una carga privilegiada a trav\u00e9s de un canal lateral de cach\u00e9. El problema s\u00f3lo existe para cargas dentro de un r\u00e9gimen de traducci\u00f3n con la misma traducci\u00f3n (por ejemplo, el mismo ASID y VMID). Por tanto, el problema s\u00f3lo afecta al retorno a EL0. La soluci\u00f3n es ejecutar un TLBI antes de regresar a EL0 despu\u00e9s de todas las cargas de datos privilegiados. Un TLBI que no se pueda compartir con cualquier direcci\u00f3n es suficiente. El workaround no es necesario si el aislamiento de la tabla de p\u00e1ginas (KPTI) est\u00e1 habilitado, pero por simplicidad lo ser\u00e1. El aislamiento de la tabla de p\u00e1ginas normalmente debe estar deshabilitado para Cortex-A520, ya que admite la funci\u00f3n CSV3 y la funci\u00f3n E0PD (utilizada cuando KASLR est\u00e1 habilitado).\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.