How severe is CVE-2023-0045?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-0045?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2023-0045 - HIGH Severity | CVSS 7.5

Vulnerability Description

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Related Vulnerabilities

CVE-2022-24241

HIGH

CVSS:7.5(High)

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

CWE-6102022

CVE-2024-28962

HIGH

CVSS:7.5(High)

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could...

CWE-6102024

CVE-2025-2875

HIGH

CVSS:7.5(High)

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webse...

CWE-6102025

CVE-2021-0591

HIGH

CVSS:7.3(High)

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of priv...

CWE-6102021

CVE-2022-46869

HIGH

CVSS:7.3(High)

Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.

CWE-6102022

CVE-2024-24760

HIGH

CVSS:7.3(High)

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability...

CWE-6102024