Home > Vulnerability Database > CVE-2023-1637

Mend.io Vulnerability Database

CVE-2023-1637

Good to know:

Date: March 26, 2023

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.

Language: C

Severity Score

5.5

Related Resources (6)

Url: https://access.redhat.com/security/cve/CVE-2023-1637

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2023-1637

Url: https://sourceware.org/bugzilla/show_bug.cgi?id=27398

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1637

Url: https://www.mend.io/vulnerability-database/CVE-2023-1637

Severity Score

5.5

Weakness Type (CWE)

Improper Removal of Sensitive Information Before Storage or Transfer

CWE-212

Sensitive Information in Resource Not Removed Before Reuse

CWE-226

Top Fix

Upgrade Version

Upgrade to version v4.9.311,v4.14.276,v4.19.238,v5.4.189,v5.10.111,v5.15.34,v5.16.20,v5.17.3,v5.18-rc2

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1637

Good to know:

Date: March 26, 2023

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?