CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score Confidence: High

EPSS Percentile: 5.1%

A heap out-of-bounds write vulnerability in the Linux kernel's Performance
Events (perf) component can be exploited to achieve local privilege
escalation. If perf_read_group() is called while an event's sibling_list is
smaller than its child's sibling_list, it can increment or write to memory
locations outside of the allocated buffer. We recommend upgrading past
commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

Priority reason: Ubuntu kernels enable SECURITY_PERF_EVENTS_RESTRICT, which sets kernel.perf_event_paranoid >= 2 and so prevents unprivileged users from using perf by default. As such, in their default configuration, Ubuntu kernels cannot be exploited through this flaw to achieve local privilege escalation.

Author | Note |
---|---|
rodrigo-zaiden | Reported in Google kCTF. First publication of USN-6536-1 wrongly announced that linux-azure on mantic fixed this issue in version 6.5.0-1009.9. It was fixed with USN-6573-1. |

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-220.231 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-169.187 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-91.101 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-39.40 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-14.14 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-248.282 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1163.176 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1116.126 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1051.56 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1017.17 | UNKNOWN |
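
A triage check built from the table and the priority note above, as an added example (not code from Ubuntu or the kernel project): it compares an installed package version with the first fixed version and uses the note's perf_event_paranoid >= 2 threshold to separate mitigated hosts from exposed ones. The function names and status labels are assumptions, and the comparison only accepts plain numeric versions in the table's format.

```python
import re

# First fixed version per (release, package), copied from the table on this page.
FIXED = {
    ("16.04", "linux"): "4.4.0-248.282",
    ("18.04", "linux"): "4.15.0-220.231",
    ("20.04", "linux"): "5.4.0-169.187",
    ("22.04", "linux"): "5.15.0-91.101",
    ("23.04", "linux"): "6.2.0-39.40",
    ("23.10", "linux"): "6.5.0-14.14",
    ("18.04", "linux-aws"): "4.15.0-1163.176",
    ("20.04", "linux-aws"): "5.4.0-1116.126",
    ("22.04", "linux-aws"): "5.15.0-1051.56",
    ("23.04", "linux-aws"): "6.2.0-1017.17",
}

# Assumption: versions look like the table's, e.g. '5.4.0-169.187' (no '~' suffix).
_PLAIN = re.compile(r"\d+(\.\d+)*-\d+(\.\d+)*")

def version_key(version):
    """Turn '5.4.0-169.187' into (5, 4, 0, 169, 187) so 99 sorts before 169."""
    if not _PLAIN.fullmatch(version):
        raise ValueError(f"unsupported version format: {version!r}")
    return tuple(int(n) for n in re.findall(r"\d+", version))

def assess(release, package, installed, paranoid):
    """Classify one host from its package version and perf_event_paranoid value."""
    fixed = FIXED.get((release, package))
    if fixed is None:
        return "unknown"  # release/package pair is not in the page's table
    if version_key(installed) >= version_key(fixed):
        return "patched"
    # Per the page's note, a value >= 2 keeps unprivileged users away from perf.
    return "unpatched-mitigated" if paranoid >= 2 else "unpatched-exposed"

def read_paranoid(path="/proc/sys/kernel/perf_event_paranoid"):
    """Read the live sysctl value on a Linux host."""
    with open(path) as fh:
        return int(fh.read().strip())

if __name__ == "__main__":
    # Constructed inventory rows: (release, package, installed version, sysctl value).
    for host in [("20.04", "linux", "5.4.0-99.112", 2),
                 ("22.04", "linux-aws", "5.15.0-1050.55", 1),
                 ("23.10", "linux", "6.5.0-14.14", 2)]:
        print(host, "->", assess(*host))
```

An unpatched host whose sysctl has been lowered below 2 is the case to prioritise for the kernel update.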
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06
kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06
launchpad.net/bugs/cve/CVE-2023-5717
lore.kernel.org/all/[email protected]/T/#u
nvd.nist.gov/vuln/detail/CVE-2023-5717
security-tracker.debian.org/tracker/CVE-2023-5717
ubuntu.com/security/notices/USN-6494-1
ubuntu.com/security/notices/USN-6494-2
ubuntu.com/security/notices/USN-6497-1
ubuntu.com/security/notices/USN-6532-1
ubuntu.com/security/notices/USN-6534-1
ubuntu.com/security/notices/USN-6534-2
ubuntu.com/security/notices/USN-6534-3
ubuntu.com/security/notices/USN-6536-1
ubuntu.com/security/notices/USN-6537-1
ubuntu.com/security/notices/USN-6548-1
ubuntu.com/security/notices/USN-6548-2
ubuntu.com/security/notices/USN-6548-3
ubuntu.com/security/notices/USN-6548-4
ubuntu.com/security/notices/USN-6548-5
ubuntu.com/security/notices/USN-6549-1
ubuntu.com/security/notices/USN-6549-2
ubuntu.com/security/notices/USN-6549-3
ubuntu.com/security/notices/USN-6549-4
ubuntu.com/security/notices/USN-6549-5
ubuntu.com/security/notices/USN-6573-1
ubuntu.com/security/notices/USN-6635-1
www.cve.org/CVERecord?id=CVE-2023-5717