CVE-2023-6917

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Performance Co-Pilot (PCP) (affected versions not specified)

Description A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. The vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367CWE-378

Related Identifiers

ALSA-2024:2213

BDU:2024-06871

CVE-2023-6917

INFSA-2024_2213

OESA-2024-2018

OPENSUSE-SU-2024_3533-1

OPENSUSE-SU-2024_3785-1

OPENSUSE-SU-2025_0011-1

OPENSUSE-SU-2025_0801-1

RHSA-2024:2213

RHSA-2024_2213

SUSE-SU-2024:3533-1

SUSE-SU-2024:3785-1

SUSE-SU-2024:3976-1

SUSE-SU-2024_3533-1

SUSE-SU-2024_3785-1

SUSE-SU-2024_3976-1

SUSE-SU-2025:0011-1

SUSE-SU-2025:0801-1

SUSE-SU-2025:20133-1

SUSE-SU-2025:20235-1

SUSE-SU-2025_0801-1

Affected Products

Almalinux

Debian

Performance Co-Pilot

Red Hat

Red Os

Suse

CVE-2023-6917

Weakness Enumeration

Related Identifiers

Affected Products

References · 49