CVE-2023-4155

high

Published 2023-11-07 · Modified 2023-11-14

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

RHSA-2023:7077: kernel security, bug fix, and enhancement update (Important)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability Red Hat statement Red Hat Enterprise Linux 6 and 7 are not affected by this flaw, as they did not include support for KVM AMD Secure Encrypted Virtualization (SEV). Note: AMD SEV is currently provided as a Technology Preview in RHEL 8, therefore, it is unsupported for production use. For additional details see…

Description

kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability

Red Hat statement

Red Hat Enterprise Linux 6 and 7 are not affected by this flaw, as they did not include support for KVM AMD Secure Encrypted Virtualization (SEV). Note: AMD SEV is currently provided as a Technology Preview in RHEL 8, therefore, it is unsupported for production use. For additional details see https://access.redhat.com/articles/4491591 and https://access.redhat.com/support/offerings/techpreview.

CVSS v3: 5.3 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9`	RHSA-2023:6901	2023-11-14T00:00:00Z
Red Hat Enterprise Linux 8	`kernel-0:4.18.0-513.5.1.el8_9`	RHSA-2023:7077	2023-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	`kernel-0:4.18.0-372.107.1.el8_6`	RHSA-2024:3859	2024-06-12T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	`kernel-0:4.18.0-372.107.1.el8_6`	RHSA-2024:3859	2024-06-12T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	`kernel-0:4.18.0-372.107.1.el8_6`	RHSA-2024:3859	2024-06-12T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support	`kernel-0:4.18.0-477.64.1.el8_8`	RHSA-2024:4740	2024-07-23T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-362.8.1.el9_3`	RHSA-2023:6583	2023-11-07T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-362.8.1.el9_3`	RHSA-2023:6583	2023-11-07T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`kernel`	Not affected
Red Hat Enterprise Linux 7	`kernel`	Not affected
Red Hat Enterprise Linux 7	`kernel-rt`	Not affected
Red Hat Enterprise Linux 9	`kernel-rt`	Affected

Apply commands

bash fix

Apply RHSA-2023:6901 for Red Hat Enterprise Linux 8

yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Affected`

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
sles		affected
debian	bookworm	fixed	`6.1.52-1`
debian	bullseye	fixed	`0`
debian	forky	fixed	`6.4.11-1`
debian	sid	fixed	`6.4.11-1`
debian	trixie	fixed	`6.4.11-1`
almalinux	8	fixed	`kernel-doc-4.18.0-513.5.1.el8_9.noarch.rpm`
rhel	8	fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.