CVE & CISA-KEV Catalog

CVE-2023-53024

HIGH
7.1
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence instructions after 1) initializing a stack slot and 2) spilling a pointer to the stack. However, this does not cover cases where a stack slot is first initialized with a pointer (subject to sanitization) but then overwritten with a scalar (not subject to sanitization because the slot was already initialized). In this case, the second write may be subject to speculative store bypass (SSB) creating a speculative pointer-as-scalar type confusion. This allows the program to subsequently leak the numerical pointer value using, for example, a branch-based cache side channel. To fix this, also sanitize scalars if they write a stack slot that previously contained a pointer. Assuming that pointer-spills are only generated by LLVM on register-pressure, the performance impact on most real-world BPF programs should be small. The following unprivileged BPF bytecode drafts a minimal exploit and the mitigation: [...] // r6 = 0 or 1 (skalar, unknown user input) // r7 = accessible ptr for side channel // r10 = frame pointer (fp), to be leaked // r9 = r10 # fp alias to encourage ssb *(u64 *)(r9 - 8) = r10 // fp[-8] = ptr, to be leaked // lfence added here because of pointer spill to stack. // // Ommitted: Dummy bpf_ringbuf_output() here to train alias predictor // for no r9-r10 dependency. // *(u64 *)(r10 - 8) = r6 // fp[-8] = scalar, overwrites ptr // 2039f26f3aca: no lfence added because stack slot was not STACK_INVALID, // store may be subject to SSB // // fix: also add an lfence when the slot contained a ptr // r8 = *(u64 *)(r9 - 8) // r8 = architecturally a scalar, speculatively a ptr // // leak ptr using branch-based cache side channel: r8 &= 1 // choose bit to leak if r8 == 0 goto SLOW // no mispredict // architecturally dead code if input r6 is 0, // only executes speculatively iff ptr bit is 1 r8 = *(u64 *)(r7 + 0) # encode bit in cache (0: slow, 1: fast) SLOW: [...] After running this, the program can time the access to *(r7 + 0) to determine whether the chosen pointer bit was 0 or 1. Repeat this 64 times to recover the whole address on amd64. In summary, sanitization can only be skipped if one scalar is overwritten with another scalar. Scalar-confusion due to speculative store bypass can not lead to invalid accesses because the pointer bounds deducted during verification are enforced using branchless logic. See 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic") for details. Do not make the mitigation depend on !env->allow_{uninit_stack,ptr_leaks} because speculative leaks are likely unexpected if these were enabled. For example, leaking the address to a protected log file may be acceptable while disabling the mitigation might unintentionally leak the address into the cached-state of a map that is accessible to unprivileged processes.

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.178-1CVE-2023-53024
Fixed in:6.1.11-1CVE-2023-53024
Fixed in:6.1.11-1CVE-2023-53024
Fixed in:6.1.11-1CVE-2023-53024
bpftoolRocky
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
bpftoolRed Hat / RHEL
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
bpftool-debuginfoRocky
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
bpftool-debuginfoRed Hat / RHEL
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:7.2.0-362.8.1.el9_3RHSA-2023:6583
kernelRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernelRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64kRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64kRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debugRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debugRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-develRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-develRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-devel-matchedRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-devel-matchedRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-modulesRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-modulesRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-modules-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-modules-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-modules-extraRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debug-modules-extraRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-develRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-develRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-devel-matchedRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-devel-matchedRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-modulesRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-modulesRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-modules-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-modules-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-modules-extraRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-64k-modules-extraRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-abi-stablelistsRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-abi-stablelistsRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debugRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debugRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-develRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-develRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-devel-matchedRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-devel-matchedRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-modulesRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-modulesRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-modules-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-modules-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-modules-extraRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-modules-extraRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-uki-virtRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debug-uki-virtRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfo-common-aarch64Rocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfo-common-aarch64Red Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfo-common-ppc64leRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfo-common-ppc64leRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfo-common-s390xRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfo-common-s390xRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfo-common-x86_64Red Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-debuginfo-common-x86_64Rocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-develRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-develRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-devel-matchedRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-devel-matchedRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-docRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-docRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-modulesRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-modulesRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-modules-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-modules-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-modules-extraRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-modules-extraRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rtRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rtRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debugRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debugRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-develRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-develRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-kvmRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-kvmRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-modulesRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-modulesRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-modules-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-modules-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-modules-extraRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debug-modules-extraRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-develRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-develRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-kvmRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-kvmRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-modulesRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-modulesRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-modules-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-modules-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-modules-extraRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-rt-modules-extraRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-toolsRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-toolsRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-tools-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-tools-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-tools-libsRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-tools-libsRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-tools-libs-develRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-tools-libs-develRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-uki-virtRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-uki-virtRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdumpRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdumpRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-develRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-develRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-devel-matchedRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-devel-matchedRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-modulesRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-modulesRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-modules-coreRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-modules-coreRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-modules-extraRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
kernel-zfcpdump-modules-extraRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
libperfRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
libperfRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
libperf-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
libperf-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
perfRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
perfRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
perf-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
perf-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
python3-perfRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
python3-perfRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
python3-perf-debuginfoRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
python3-perf-debuginfoRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
rtlaRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
rtlaRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
rvRed Hat / RHEL
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
rvRocky
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583
Fixed in:0:5.14.0-362.8.1.el9_3RHSA-2023:6583

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploit Intelligence

0.19%probability of exploitation in 30 days
9thpercentile

Low risk: more likely to be exploited than 9% of all known CVEs.

References

Embed a live status badge for CVE-2023-53024
CVE-2023-53024 severity badge

Markdown

[![CVE-2023-53024](https://tridentstack.com/cve/badge/CVE-2023-53024.svg)](https://tridentstack.com/cve/CVE-2023-53024)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-53024"><img src="https://tridentstack.com/cve/badge/CVE-2023-53024.svg" alt="CVE-2023-53024"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-01-22.