Home > Vulnerability Database > CVE-2023-46813

Mend.io Vulnerability Database

CVE-2023-46813

Good to know:

Date: October 26, 2023

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

Language: C

Severity Score

7.0

Related Resources (8)

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46813

Url: https://bugzilla.suse.com/show_bug.cgi?id=1212649

Url: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba

Url: https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721

Url: https://www.mend.io/vulnerability-database/CVE-2023-46813

Severity Score

7.0

Top Fix

Upgrade Version

Upgrade to version v5.10.199,v5.15.137,v6.1.60,v6.6-rc7

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46813

Good to know:

Date: October 26, 2023

Language: C

Severity Score

Related Resources (8)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?