Lucene search

PRIOn knowledge basePRION:CVE-2023-41915

HistorySep 09, 2023 - 10:15 p.m.

Race condition

2023-09-0922:15:00

PRIOn knowledge base

www.prio-n.com

openpmix

race condition

file ownership

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.7%

JSON

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq12.0
fedoraeq37
fedoraeq38
fedoraeq39
openpmixlt4.2.6
openpmixeq5.0.0

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	12.0
fedora	eq	37
fedora	eq	38
fedora	eq	39
openpmix	lt	4.2.6
openpmix	eq	5.0.0

References

docs.openpmix.org/en/latest/security.html

github.com/openpmix/openpmix/releases/tag/v4.2.6

github.com/openpmix/openpmix/releases/tag/v5.0.1

lists.debian.org/debian-lts-announce/2023/10/msg00048.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/

www.debian.org/security/2023/dsa-5547