🟠 High | Source: Microsoft Security Response Center
A vulnerability dubbed ‘EntryBleed’ (CVE-2022-4543) exists in the Linux kernel’s Page Table Isolation mechanism, which is designed to protect against Spectre/Meltdown-class attacks. A local attacker can exploit prefetch side-channels based on TLB timing on Intel systems to leak the kernel’s randomised memory layout (KASLR), effectively bypassing a key exploit mitigation. This significantly lowers the bar for further privilege escalation attacks on affected Linux systems.
Security Architect’s Take: Ensure all Linux-based Azure workloads — including AKS nodes, Linux VMs, and VMSS instances — are running kernel versions with the EntryBleed patch applied; verify with your OS vendor and prioritise patching on multi-tenant or shared infrastructure where local access by untrusted workloads is possible.