{
  "threat_severity" : "Moderate",
  "public_date" : "2024-02-29T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: x86/srso: Add SRSO mitigation for Hygon processors",
    "id" : "2267028",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2267028"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-562",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nx86/srso: Add SRSO mitigation for Hygon processors\nAdd mitigation for the speculative return stack overflow vulnerability\nwhich exists on Hygon processors too.", "A vulnerability was found in the Linux kernel, where the Hygon x86 processor is susceptible to a speculative return stack overflow." ],
  "statement" : "This kernel vulnerability will not be addressed, as Hygon is not an x86 processor variant that Red Hat officially supports.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-52482\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52482\nhttps://lore.kernel.org/linux-cve-announce/2024022922-CVE-2023-52482-9375@gregkh/T/#u" ],
  "name" : "CVE-2023-52482",
  "csaw" : false
}