CVE-2023-3640— Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-3640
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
Source: NVD (National Vulnerability Database)
Vulnerability Description
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过差异性导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于X86 CPU的cpu_entry_area映射中存在未授权内存访问漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-362.8.1.el9_3 ~ * | cpe:/a:redhat:enterprise_linux:9::realtime | |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-362.8.1.el9_3 ~ * | cpe:/a:redhat:enterprise_linux:9::realtime | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2023-3640
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | SCTF 2023 kernel pwn && CVE-2023-3640 | https://github.com/pray77/CVE-2023-3640 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-3640
请登录查看更多情报信息。
Same Patch Batch · Red Hat · 2023-07-24 · 10 CVEs total
| CVE-2023-3812 | 7.8 HIGH | Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags |
| CVE-2023-38200 | 7.5 HIGH | Keylime: registrar is subject to a dos against ssl connections |
| CVE-2023-3567 | 7.1 HIGH | Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race |
| CVE-2023-33952 | 6.7 MEDIUM | Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects |
| CVE-2023-33951 | 6.7 MEDIUM | Kernel: vmwgfx: race condition leading to information disclosure vulnerability |
| CVE-2023-3750 | 6.5 MEDIUM | Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service |
| CVE-2023-3019 | 6.0 MEDIUM | Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest() |
| CVE-2023-3745 | 5.5 MEDIUM | Imagemagick: heap-buffer-overflow in pushcharpixel() in quantum-private.h |
| CVE-2023-3384 | 5.4 MEDIUM | Quay: stored cross site scripting |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 9
- CVE-2023-6917
Pcp: unsafe use of directories allows pcp to root privilege - CVE-2024-1151
Kernel: stack overflow problem in open vswitch kernel module - CVE-2023-6531
Kernel: gc's deletion of an skb races with unix_stream_read_ - CVE-2023-4001
Grub2: bypass the grub password protection feature - CVE-2023-6679
Kernel: null pointer dereference in dpll_pin_parent_pin_set(
Same vendor: Red Hat
- CVE-2026-42011
Gnutls: gnutls: security bypass due to incorrect name constr - CVE-2026-42010
Gnutls: gnutls: authentication bypass via nul character in u - CVE-2026-6420
Keylime: keylime: security bypass due to hardcoded tpm quote - CVE-2026-34956
Openvswitch: open vswitch: denial of service via malformed f - CVE-2026-34002
Xorg: xwayland: x.org x server: information disclosure or de
Same weakness: CWE-203
- CVE-2026-44263
Weblate: Private Translation Enumeration via Screenshot API - CVE-2023-5872
Wago: Vulnerability in Smart Designer Web-Application - CVE-2026-33429
Parse Server: Protected field change detection oracle via Li - CVE-2026-33425
Discourse has inferable private group membership or existenc - CVE-2026-3580
Compiler-induced timing leak in sp_256_get_entry_256_9 on RI
V. Comments for CVE-2023-3640
No comments yet