
Cloud Vulnerability DB
A community-led vulnerabilities database
A flaw was discovered in the Linux kernel's cpu_entry_area, the per-CPU mapping of x86 CPU data into memory (CVE-2023-0597). The vulnerability, discovered by Seth Jenkins, stems from missing address randomization for per-CPU memory management structures: the cpu_entry_area mapped into userspace page tables for KPTI was not randomized at all, regardless of KASLR settings (Ubuntu Security, NVD).
On x86_64 systems, an entire P4D entry (512 GB) of virtual address space is reserved for the cpu_entry_area structure. Because the address of cpu_entry_area was not randomized, a local user could guess the location of the exception stack(s) or other important data in memory. This vulnerability has been patched in Linux 6.2 with a straightforward randomization scheme that spreads the existing CPUs over the available space while avoiding duplicate placements (Git Kernel).
A local attacker could use this vulnerability to expose sensitive information (kernel memory) or potentially exploit it in conjunction with other kernel vulnerabilities. The vulnerability could be used to leak the base addresses of the kernel code and kernel data, which could facilitate further attacks (Ubuntu Security).
The vulnerability has been fixed in Linux kernel 6.2 by implementing address randomization for the cpu_entry_area. Various Linux distributions have released patches for their respective kernel versions. For example, Ubuntu has fixed this in multiple kernel versions: 6.2.0-18.18 for 23.04, 5.15.0-79.86 for 22.04 LTS, 5.4.0-166.183 for 20.04 LTS, and 4.15.0-219.230 for 18.04 LTS (Ubuntu Security).
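The following C program is an added illustration of the mitigation described above; it is not the kernel's own code and not part of this report. It simulates the per-CPU placement scheme: before the fix, CPU i always occupies slot i inside the reserved region (fully predictable); with the fix, each CPU is given a random slot drawn from the region, re-drawing on collision so no two CPUs share a slot. The region base, the per-CPU area size, the slot count and the PRNG are all assumptions chosen for the simulation.

```c
/* Added example (not kernel code): per-CPU entry-area slot assignment,
 * unrandomized ("before") versus randomized with duplicate avoidance ("after").
 * All sizes and addresses below are simulation assumptions, not kernel constants. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CPUS 64

/* Assumed placeholder region geometry for the simulation. */
#define SIM_REGION_BASE  0x100000000ULL   /* placeholder base address, not a real kernel value */
#define SIM_AREA_SIZE    0x100000ULL      /* assumed size of one CPU's entry area (1 MiB) */

/* Deterministic xorshift64 PRNG so the simulation is reproducible;
 * the kernel would draw from its own entropy source instead. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;

static uint32_t rng_next(void)
{
    uint64_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    rng_state = x;
    return (uint32_t)(x >> 32);
}

/* "Before" behaviour: CPU i sits at slot i, so every address is predictable. */
unsigned fixed_slot(unsigned cpu)
{
    return cpu;
}

/* "After" behaviour: give each of nr_cpus CPUs a random slot in [0, nr_slots),
 * rejecting any candidate already taken by an earlier CPU.
 * Returns the number of CPUs assigned, or -1 if unique placement is impossible. */
int assign_random_slots(unsigned nr_cpus, unsigned nr_slots, unsigned *slot_out)
{
    if (nr_cpus > nr_slots || nr_cpus > MAX_CPUS)
        return -1;

    for (unsigned i = 0; i < nr_cpus; i++) {
        unsigned cand;
        bool dup;
        do {
            cand = rng_next() % nr_slots;
            dup = false;
            for (unsigned j = 0; j < i; j++) {
                if (slot_out[j] == cand) {   /* collision: draw again */
                    dup = true;
                    break;
                }
            }
        } while (dup);
        slot_out[i] = cand;
    }
    return (int)nr_cpus;
}

/* Verify the invariant the scheme promises: all slots in range, none shared. */
bool slots_unique_and_in_range(const unsigned *slots, unsigned n, unsigned nr_slots)
{
    for (unsigned i = 0; i < n; i++) {
        if (slots[i] >= nr_slots)
            return false;
        for (unsigned j = i + 1; j < n; j++)
            if (slots[i] == slots[j])
                return false;
    }
    return true;
}

/* Translate a slot index into a virtual address inside the simulated region. */
uint64_t slot_address(unsigned slot)
{
    return SIM_REGION_BASE + (uint64_t)slot * SIM_AREA_SIZE;
}

int main(void)
{
    unsigned slots[MAX_CPUS];
    const unsigned nr_cpus = 8;
    const unsigned nr_slots = 4096;   /* assumed: region size / per-CPU area size */

    if (assign_random_slots(nr_cpus, nr_slots, slots) < 0)
        return 1;

    for (unsigned cpu = 0; cpu < nr_cpus; cpu++)
        printf("cpu %u: fixed slot %u -> 0x%llx | random slot %u -> 0x%llx\n",
               cpu, fixed_slot(cpu), (unsigned long long)slot_address(fixed_slot(cpu)),
               slots[cpu], (unsigned long long)slot_address(slots[cpu]));

    printf("unique and in range: %s\n",
           slots_unique_and_in_range(slots, nr_cpus, nr_slots) ? "yes" : "no");
    return 0;
}
```

The rejection loop is what "avoids duplicates": a candidate slot is compared against every slot already handed out and redrawn on a match. The loop terminates as long as the region holds at least as many slots as there are CPUs, which is why the function refuses a configuration where nr_cpus exceeds nr_slots.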
Source: This report was generated using AI