Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-29t9-3w93-y3cq
Vulnerability ID VCID-29t9-3w93-y3cq
Aliases CVE-2023-0597
Summary A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.
Status Published
Exploitability 0.5
Weighted Severity 6.3
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-401 Missing Release of Memory after Effective Lifetime
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0597.json
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-0597
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-0597
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-0597
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-0597
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80
ssvc Track https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80
cvssv3.1 5.5 http://www.openwall.com/lists/oss-security/2023/07/28/1
ssvc Track http://www.openwall.com/lists/oss-security/2023/07/28/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0597.json
https://api.first.org/data/v1/epss?cve=CVE-2023-0597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0597
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1 http://www.openwall.com/lists/oss-security/2023/07/28/1
2165926 https://bugzilla.redhat.com/show_bug.cgi?id=2165926
97e3d26b5e5f371b3ee223d94dd123e6c442ba80 https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80
RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583
RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077
RHSA-2024:10262 https://access.redhat.com/errata/RHSA-2024:10262
RHSA-2024:10772 https://access.redhat.com/errata/RHSA-2024:10772
RHSA-2024:10773 https://access.redhat.com/errata/RHSA-2024:10773
RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1188
USN-6206-1 https://usn.ubuntu.com/6206-1/
USN-6235-1 https://usn.ubuntu.com/6235-1/
USN-6300-1 https://usn.ubuntu.com/6300-1/
USN-6311-1 https://usn.ubuntu.com/6311-1/
USN-6332-1 https://usn.ubuntu.com/6332-1/
USN-6347-1 https://usn.ubuntu.com/6347-1/
USN-6440-1 https://usn.ubuntu.com/6440-1/
USN-6440-2 https://usn.ubuntu.com/6440-2/
USN-6440-3 https://usn.ubuntu.com/6440-3/
USN-6462-1 https://usn.ubuntu.com/6462-1/
USN-6462-2 https://usn.ubuntu.com/6462-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0597.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T19:17:29Z/ Found at https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2023/07/28/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T19:17:29Z/ Found at http://www.openwall.com/lists/oss-security/2023/07/28/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.05419
EPSS Score 0.00019
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:47:08.485873+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0