CVE-2023-4155

Updated: 2024-11-22 05:30:08.37415

Description:

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.6 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.6 | MEDIUM | Ignored | | 2024-06-25 11:29:35 | |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 5.6 | MEDIUM | Ignored | | 2023-11-21 04:11:43 | |
| CentOS 6 ELS | kernel | 2.6.32 | 5.6 | MEDIUM | Ignored | | 2023-10-27 11:06:45 | |
| CentOS 7 ELS | kernel | 3.10.0 | 5.6 | MEDIUM | Ignored | | 2023-10-27 11:06:44 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 5.6 | MEDIUM | Ignored | | 2024-06-24 11:33:00 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 5.6 | MEDIUM | Ignored | | 2024-06-24 11:33:00 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 5.6 | MEDIUM | Ignored | | 2024-06-24 11:20:01 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 5.6 | MEDIUM | Ignored | | 2023-10-27 11:06:45 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 5.6 | MEDIUM | Ignored | | 2024-10-03 10:51:59 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 5.6 | MEDIUM | Ignored | | 2023-10-27 11:06:44 | |
Total: 13