🟠 High  |  Source: Microsoft Security Response Center


A vulnerability dubbed ‘EntryBleed’ (CVE-2022-4543) exists in the Linux kernel’s Page Table Isolation mechanism, which is designed to protect against Spectre/Meltdown-class attacks. A local attacker can exploit prefetch side-channels based on TLB timing on Intel systems to leak the kernel’s randomised memory layout (KASLR), effectively bypassing a key exploit mitigation. This significantly lowers the bar for further privilege escalation attacks on affected Linux systems.

Security Architect’s Take: Ensure all Linux-based Azure workloads — including AKS nodes, Linux VMs, and VMSS instances — are running kernel versions with the EntryBleed patch applied; verify with your OS vendor and prioritise patching on multi-tenant or shared infrastructure where local access by untrusted workloads is possible.

Original advisory: CVE-2022-4543 A flaw named “EntryBleed” was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.