PT-2023-6554 · Linux+9 · Linux Kernel+9

Budimir Markovic · Published 2023-10-19 · Updated 2024-11-30 · CVE-2023-5717

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.

Recommendations

Upgrade past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06 to resolve the issue. As a temporary workaround, consider restricting access to the perf_read_group() function until a patch is available.

Fix

DoS

LPE

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2024:0897
ALT-PU-2023-6736
ALT-PU-2023-7004
ALT-PU-2023-7185
ALT-PU-2023-7787
ALT-PU-2023-7838
ALT-PU-2024-6818
AZL-31774
AZL-31814
BDU:2023-07316
CESA-2024_0881
CESA-2024_0897
CVE-2023-5717
DLA-3710-1
DLA-3711-1
DSA-5594-1
MGASA-2023-0328
MGASA-2023-0331
OESA-2023-1779
OESA-2023-1780
OESA-2023-1781
OESA-2023-1782
OESA-2023-1783
OPENSUSE-SU-2023_4730-1
OPENSUSE-SU-2023_4731-1
OPENSUSE-SU-2023_4732-1
OPENSUSE-SU-2023_4734-1
OPENSUSE-SU-2023_4782-1
OPENSUSE-SU-2023_4882-1
RHSA-2024:0439
RHSA-2024:0448
RHSA-2024:0575
RHSA-2024:0724
RHSA-2024:0881
RHSA-2024:0897
RHSA-2024:1248
RHSA-2024:1250
RHSA-2024:1306
RHSA-2024_0881
RHSA-2024_0897
RHSA-2024_1248
RXSA-2024:1248
SUSE-SU-2023:4730-1
SUSE-SU-2023:4731-1
SUSE-SU-2023:4732-1
SUSE-SU-2023:4733-1
SUSE-SU-2023:4734-1
SUSE-SU-2023:4735-1
SUSE-SU-2023:4782-1
SUSE-SU-2023:4783-1
SUSE-SU-2023:4784-1
SUSE-SU-2023:4810-1
SUSE-SU-2023:4811-1
SUSE-SU-2023:4882-1
SUSE-SU-2023:4883-1
SUSE-SU-2024:1358-1
SUSE-SU-2024:1359-1
SUSE-SU-2024:1380-1
SUSE-SU-2024:1382-1
SUSE-SU-2024:1390-1
SUSE-SU-2024:1400-1
SUSE-SU-2024:1405-1
SUSE-SU-2024:1406-1
SUSE-SU-2024:1418-1
SUSE-SU-2024:1493-1
SUSE-SU-2024:1505-1
SUSE-SU-2024:1537-1
SUSE-SU-2024:1545-1
SUSE-SU-2024:1551-1
SUSE-SU-2024:1558-1
SUSE-SU-2024:1581-1
SUSE-SU-2024:1582-1
SUSE-SU-2024:1596-1
USN-6494-1
USN-6494-2
USN-6497-1
USN-6532-1
USN-6534-1
USN-6534-2
USN-6534-3
USN-6536-1
USN-6537-1
USN-6548-1
USN-6548-2
USN-6548-3
USN-6548-4
USN-6548-5
USN-6549-1
USN-6549-2
USN-6549-3
USN-6549-4
USN-6549-5
USN-6573-1
USN-6635-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu