CVE-2023-1998
Public on 2023-04-14
Modified on 2024-04-26
Description
When plain IBRS is enabled (not enhanced IBRS), the logic in spectre_v2_user_select_mitigation() determines that STIBP is not needed. The IBRS bit implicitly protects against cross-thread branch target
injection. However, with legacy IBRS, the IBRS bit is cleared on returning to userspace for performance reasons which leaves userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
injection. However, with legacy IBRS, the IBRS bit is cleared on returning to userspace for performance reasons which leaves userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2023-03-20 | ALAS-2023-1701 | Fixed |
| Amazon Linux 2 - Core | kernel | 2023-03-21 | ALAS2-2023-1987 | Fixed |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2023-03-21 | ALAS2KERNEL-5.10-2023-028 | Fixed |
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | 2023-03-21 | ALAS2KERNEL-5.15-2023-015 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2023-03-21 | ALAS2KERNEL-5.4-2023-043 | Fixed |
| Amazon Linux 2023 | kernel | 2023-03-22 | ALAS2023-2023-138 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| NVD | CVSSv3 | 5.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |