Ubuntu.comUB:CVE-2023-2235CVE-2023-2235
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
A use-after-free vulnerability in the Linux Kernel Performance Events
system can be exploited to achieve local privilege escalation. The
perf_group_detach function did not check the event’s siblings’ attach_state
before calling add_event_to_groups(), but remove_on_exec made it possible
to call list_del_event() on before detaching from their group, making it
possible to use a dangling pointer causing a use-after-free vulnerability.
We recommend upgrading past commit
fd0815f632c24878e325821943edccc7fde947a2.
Bugs
Notes
| Author | Note |
|---|---|
| Priority reason: Ubuntu kernels enable SECURITY_PERF_EVENTS_RESTRICT which sets kernel.perf_event_paranoid >= 2 and so disables unprivileged users from using perf by default. As such in their default configuration, Ubuntu kernels are not able to be exploited by this flaw to achieve local privilege escalation. | |
| cascardo | Ubuntu kernels enable SECURITY_PERF_EVENTS_RESTRICT which sets kernel.perf_event_paranoid >= 2 and so disables unprivileged users from using perf by default. As such in their default configuration, Ubuntu kernels are not able to be exploited by this flaw to achieve local privilege escalation. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | linux | < 5.15.0-79.86 | UNKNOWN |
| ubuntu | 23.04 | noarch | linux | < 6.2.0-23.23 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1042.47 | UNKNOWN |
| ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1005.5 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1041.46~20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1045.52 | UNKNOWN |
| ubuntu | 23.04 | noarch | linux-azure | < 6.2.0-1005.5 | UNKNOWN |
References
git.kernel.org/linus/fd0815f632c24878e325821943edccc7fde947a2 (6.3-rc3)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2
kernel.dance/fd0815f632c24878e325821943edccc7fde947a2
launchpad.net/bugs/cve/CVE-2023-2235
nvd.nist.gov/vuln/detail/CVE-2023-2235
security-tracker.debian.org/tracker/CVE-2023-2235
ubuntu.com/security/notices/USN-6175-1
ubuntu.com/security/notices/USN-6186-1
ubuntu.com/security/notices/USN-6300-1
ubuntu.com/security/notices/USN-6311-1
ubuntu.com/security/notices/USN-6332-1
ubuntu.com/security/notices/USN-6347-1
ubuntu.com/security/notices/USN-6385-1
www.cve.org/CVERecord?id=CVE-2023-2235
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%