CVE-2023-1637
Public on 2023-03-27
Modified on 2024-03-01
Description
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | kernel | 2022-05-31 | ALAS-2022-1591 | Fixed |
| HAQM Linux 2 - Kernel-5.4 Extra | kernel | Pending Fix | ||
| HAQM Linux 2 - Core | kernel | 2022-05-04 | ALAS2-2022-1793 | Fixed |
| HAQM Linux 2 - Core | kernel | 2024-06-06 | ALAS2-2024-2569 | Fixed |
| HAQM Linux 2 - Kernel-5.10 Extra | kernel | 2023-06-29 | ALAS2KERNEL-5.10-2023-036 | Fixed |
| HAQM Linux 2 - Kernel-5.15 Extra | kernel | 2023-06-29 | ALAS2KERNEL-5.15-2023-023 | Fixed |
| HAQM Linux 2023 | kernel | 2023-02-17 | ALAS2023-2023-070 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |