CVE-2023-0458: 
Linux Kernel vulnerability analysis and mitigation

A speculative pointer dereference vulnerability (CVE-2023-0458) was discovered in the Linux Kernel's do_prlimit() function. The vulnerability was discovered by Jordy Zomer and Alexandra Sandulescu and disclosed in April 2023. The issue affects Linux Kernel versions prior to 6.1.8, where the resource argument value is controlled and used in pointer arithmetic for the 'rlim' variable (Ubuntu Security, NVD).

The vulnerability exists in the doprlimit() function where the resource argument value is used in pointer arithmetic without proper speculative execution barriers. The fix involves adding arrayindex_nospec() to prevent speculative execution attacks. The vulnerability has a CVSS 3 Severity Score of 4.7 (Medium) (Ubuntu Security, Kernel Commit).

The vulnerability can be exploited by a local attacker to leak sensitive information from kernel memory through speculative execution side-channel attacks. This could potentially expose sensitive system information to unauthorized users (Debian LTS).

The vulnerability was fixed in Linux kernel version 6.1.8 with commit 739790605705ddcf18f21782b9c99ad7d53a8c11. The fix implements proper speculative execution barriers by adding arrayindexnospec() to the do_prlimit() function. Users are recommended to upgrade their Linux kernel to version 6.1.8 or later (Kernel Commit).