Design/Logic Flaw

2023-06-3021:15:00

PRIOn knowledge base

www.prio-n.com

malwarebytes

edr

linux

detection bypass

identifier reuse

filesystem duplication

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.

CPENameOperatorVersion
endpoint_detection_and_responsele1.0.11
malwarebytesle1.0.14

CPE	Name	Operator	Version
	endpoint_detection_and_response	le	1.0.11
	malwarebytes	le	1.0.14

References

malwarebytes.com

www.malwarebytes.com/secure/cves/cve-2023-29147