PT-2023-7939 · Linux+10 · Linux Kernel+10

Budimir Markovic · Published 2023-11-29 · Updated 2025-10-03 · CVE-2023-6931

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf event's read size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information and elevate their privileges in the system.

Recommendations

Upgrade past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable perf_read_group() function until a patch is available.

Exploit · Fix · DoS · LPE · Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2024:1607
ALSA-2024:2394
ALSA-2024_1607
ALSA-2024_2394
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2024-1838
ALT-PU-2024-1867
ALT-PU-2025-12647
AZL-32264
AZL-34869
BDU:2023-09023
CESA-2024_1607
CESA-2024_1614
CVE-2023-6931
DLA-3710-1
DLA-3711-1
DSA-5593-1
DSA-5594-1
INFSA-2024_2394
OESA-2024-1030
OESA-2024-1031
OESA-2024-1032
OESA-2024-1033
OESA-2024-1034
OESA-2024-1035
OPENSUSE-SU-2024_0156-1
RHSA-2024:0930
RHSA-2024:1018
RHSA-2024:1019
RHSA-2024:1404
RHSA-2024:1607
RHSA-2024:1614
RHSA-2024:1836
RHSA-2024:1840
RHSA-2024:2394
RHSA-2024_1607
RHSA-2024_1614
RHSA-2024_2394
RLSA-2024:1607
RLSA-2024:1614
RXSA-2024:1607
SUSE-SU-2024:0110-1
SUSE-SU-2024:0113-1
SUSE-SU-2024:0115-1
SUSE-SU-2024:0117-1
SUSE-SU-2024:0118-1
SUSE-SU-2024:0120-1
SUSE-SU-2024:0129-1
SUSE-SU-2024:0141-1
SUSE-SU-2024:0153-1
SUSE-SU-2024:0154-1
SUSE-SU-2024:0156-1
SUSE-SU-2024:0160-1
SUSE-SU-2024:1677-1
SUSE-SU-2024:1680-1
SUSE-SU-2024:1686-1
SUSE-SU-2024:1695-1
SUSE-SU-2024:1696-1
SUSE-SU-2024:1706-1
SUSE-SU-2024:1709-1
SUSE-SU-2024:1712-1
SUSE-SU-2024:1720-1
SUSE-SU-2024:1726-1
SUSE-SU-2024:1729-1
SUSE-SU-2024:1732-1
SUSE-SU-2024:1735-1
SUSE-SU-2024:1736-1
SUSE-SU-2024:1739-1
SUSE-SU-2024:1742-1
SUSE-SU-2024:1748-1
SUSE-SU-2024:1751-1
SUSE-SU-2024:1757-1
SUSE-SU-2024:2099-1
SUSE-SU-2024:2115-1
SUSE-SU-2024:2145-1
SUSE-SU-2024:2166-1
SUSE-SU-2024:2202-1
SUSE-SU-2024:2205-1
USN-6602-1
USN-6603-1
USN-6604-1
USN-6604-2
USN-6605-1
USN-6605-2
USN-6606-1
USN-6607-1
USN-6608-1
USN-6608-2
USN-6609-1
USN-6609-2
USN-6609-3
USN-6628-1
USN-6628-2
USN-6635-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu