CVE-2023-5370 — Vulnetix

CVE-2023-5370 PUBLISHED CVSS 5.5 MEDIUM

On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.

EPSS 0.14% · 33.4th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.14%

33.4th percentile

Affected Products

Vendor	Product	Versions
freebsd	freebsd	13.2, 13.2, 13.2
FreeBSD	FreeBSD	13.2-RELEASE, 13.2-RELEASE, 13.2-RELEASE

Exploit Intelligence

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc (circl)
https://security.netapp.com/advisory/ntap-20231124-0005/ (circl)

Timeline

Oct 4, 2023 EPSS Score
Oct 4, 2023 CVE Published
Nov 5, 2023 EPSS Score
Dec 6, 2023 EPSS Score
Jan 7, 2024 EPSS Score
Feb 8, 2024 EPSS Score
Mar 10, 2024 EPSS Score
Apr 11, 2024 EPSS Score
May 13, 2024 EPSS Score
Jun 13, 2024 EPSS Score
Jul 15, 2024 EPSS Score
Aug 16, 2024 EPSS Score

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc vendor-advisory
https://security.netapp.com/advisory/ntap-20231124-0005/ url
https://nvd.nist.gov/vuln/detail/CVE-2023-5370 advisory
https://security.netapp.com/advisory/ntap-20231124-0005 url

Open in Interactive Console →