PT-2023-21593 · Kdab+1 · Kdab Hotspot+1

Matthias Gerstner

Published

2023-03-14

Updated

2024-06-15

CVE-2023-28144

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KDAB Hotspot versions 1.3.x through 1.4.1

Description The issue allows privilege escalation due to race conditions involving symlinks and elevate perf privileges.sh chown calls, specifically in non-default configurations.

Recommendations For versions 1.3.x through 1.4.1, consider restricting access to the elevate perf privileges.sh script until a patch is available. As a temporary workaround, avoid using the chown calls in the elevate perf privileges.sh script to minimize the risk of exploitation. Restrict the creation of symlinks to prevent potential privilege escalation.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2023-28144

OPENSUSE-SU-2024:12782-1

Affected Products

Debian

Kdab Hotspot

PT-2023-21593 · Kdab+1 · Kdab Hotspot+1

CVE-2023-28144

Weakness Enumeration

Related Identifiers

Affected Products

References · 17