CVE-2023-0459

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0459

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0459.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-0459

Downstream

DEBIAN-CVE-2023-0459

DLA-3403-1

DLA-3404-1

OESA-2023-1284

RHSA-2022:1975

RHSA-2022:1988

SUSE-SU-2023:3302-1

SUSE-SU-2023:3309-1

SUSE-SU-2023:3311-1

SUSE-SU-2023:3313-1

SUSE-SU-2023:3318-1

SUSE-SU-2023:3324-1

SUSE-SU-2023:3329-1

SUSE-SU-2023:3333-1

SUSE-SU-2023:3349-1

SUSE-SU-2023:3376-1

SUSE-SU-2023:3377-1

SUSE-SU-2023:3390-1

SUSE-SU-2023:3391-1

SUSE-SU-2023:3392-1

SUSE-SU-2023:3421-1

Related

Published

2023-05-25T14:15:09Z

Modified

2025-08-09T20:01:27Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Copyfromuser on 64-bit versions of the Linux kernel does not implement the _uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

References

Affected packages