CVE-2023-5717

Source: ubuntu.com (UB:CVE-2023-5717)
Published: Oct 25, 2023 - 12:00 a.m.
Tags: linux kernel, heap out-of-bounds write, local privilege escalation, upgrade, linux kernel performance events, perf component, vulnerability, commit, bugzilla, security restriction, ubuntu kernel, google kctf, usn-6536-1, usn-6573-1

CVSS3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7.8 (Confidence: High)
EPSS: 0 (Percentile: 5.1%)

A heap out-of-bounds write vulnerability in the Linux kernel’s Performance
Events (perf) component can be exploited to achieve local
privilege escalation. If perf_read_group() is called while an event’s
sibling_list is smaller than its child’s sibling_list, it can increment or
write to memory locations outside of the allocated buffer. We recommend
upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

Notes

Priority reason: Ubuntu kernels enable SECURITY_PERF_EVENTS_RESTRICT, which sets kernel.perf_event_paranoid >= 2 and so prevents unprivileged users from using perf by default. As such, in their default configuration, Ubuntu kernels are not able to be exploited by this flaw to achieve local privilege escalation.

Note (rodrigo-zaiden): Reported in Google kCTF. First publication of USN-6536-1 wrongly announced that linux-azure on mantic fixed this issue in version 6.5.0-1009.9. It was fixed with USN-6573-1.
Affected packages

OS      OS version  Architecture  Package    Package version     Filename
ubuntu  18.04       noarch        linux      < 4.15.0-220.231    UNKNOWN
ubuntu  20.04       noarch        linux      < 5.4.0-169.187     UNKNOWN
ubuntu  22.04       noarch        linux      < 5.15.0-91.101     UNKNOWN
ubuntu  23.04       noarch        linux      < 6.2.0-39.40       UNKNOWN
ubuntu  23.10       noarch        linux      < 6.5.0-14.14       UNKNOWN
ubuntu  16.04       noarch        linux      < 4.4.0-248.282     UNKNOWN
ubuntu  18.04       noarch        linux-aws  < 4.15.0-1163.176   UNKNOWN
ubuntu  20.04       noarch        linux-aws  < 5.4.0-1116.126    UNKNOWN
ubuntu  22.04       noarch        linux-aws  < 5.15.0-1051.56    UNKNOWN
ubuntu  23.04       noarch        linux-aws  < 6.2.0-1017.17     UNKNOWN
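
An added example, not code from Ubuntu or from this page: a host triage check that combines the priority note and the table above, reporting whether the running kernel is at or past the fixed version and, if not, whether kernel.perf_event_paranoid meets the threshold the note gives. It assumes Ubuntu's /proc/version_signature format, a flavour-to-package mapping covering only the generic and aws kernels, and purely numeric version fields; the function names are hypothetical.

```python
import re

# Fixed versions from this page's table (only 10 of its 961 rows are shown).
FIXED = {
    ("16.04", "linux"): "4.4.0-248.282", ("18.04", "linux"): "4.15.0-220.231",
    ("20.04", "linux"): "5.4.0-169.187", ("22.04", "linux"): "5.15.0-91.101",
    ("23.04", "linux"): "6.2.0-39.40", ("23.10", "linux"): "6.5.0-14.14",
    ("18.04", "linux-aws"): "4.15.0-1163.176", ("20.04", "linux-aws"): "5.4.0-1116.126",
    ("22.04", "linux-aws"): "5.15.0-1051.56", ("23.04", "linux-aws"): "6.2.0-1017.17",
}
FLAVOUR_TO_PACKAGE = {"generic": "linux", "aws": "linux-aws"}  # assumed mapping
PARANOID_MIN = 2  # threshold stated in the page's priority note


def parse_signature(text):
    """'Ubuntu 5.4.0-169.187-generic 5.4.255' -> ('5.4.0-169.187', 'generic')."""
    m = re.match(r"Ubuntu\s+(\d+(?:\.\d+)+-\d+(?:\.\d+)+)(\S*)-(\w+)\s", text)
    if not m or m.group(2):  # a suffix such as ~20.04.1 means another source package
        return None
    return m.group(1), m.group(3)


def vkey(version):
    # Assumption: these versions are purely numeric fields, so integer tuples order them.
    return tuple(int(n) for n in re.findall(r"\d+", version))


def assess(release, signature, paranoid):
    """Classify a host from its release, kernel signature and perf_event_paranoid value."""
    parsed = parse_signature(signature)
    package = FLAVOUR_TO_PACKAGE.get(parsed[1]) if parsed else None
    fixed = FIXED.get((release, package))
    if fixed is None:
        return "unknown: no row on this page for this release/kernel"
    if vkey(parsed[0]) >= vkey(fixed):
        return "patched"
    if paranoid >= PARANOID_MIN:
        return "unpatched, perf restricted for unprivileged users"
    return "unpatched, perf open to unprivileged users"


if __name__ == "__main__":
    os_release = open("/etc/os-release").read()
    release = re.search(r'^VERSION_ID="?([\d.]+)', os_release, re.M).group(1)
    signature = open("/proc/version_signature").read()
    paranoid = int(open("/proc/sys/kernel/perf_event_paranoid").read())
    print(assess(release, signature, paranoid))
```

Kernels from other source packages (HWE, azure and the rest of the 961 rows) return "unknown" and need their own thresholds from the full Ubuntu listing.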