Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-6931
HistoryDec 19, 2023 - 12:00 a.m.

CVE-2023-6931

2023-12-1900:00:00
ubuntu.com
ubuntu.com
16
linux kernel
heap out-of-bounds
local privilege escalation
perf_event
vulnerability
upgrade
bugzilla
4.4 kernels
perf_event_open
software events
lockdep fix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0

Percentile

5.1%

A heap out-of-bounds write vulnerability in the Linux kernel’s Performance
Events system component can be exploited to achieve local privilege
escalation. A perf_event’s read_size can overflow, leading to an heap
out-of-bounds increment or write in perf_read_group(). We recommend
upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

Bugs

Notes

Author Note
Priority reason: On 4.4 kernels, it is still possible to use perf_event_open by default for software events.
sbeattie 7e2c1e4b34f0 (“perf: Fix perf_event_validate_size() lockdep splat”) is a followup lockdep fix for 382c27f4ed28 (“perf: Fix perf_event_validate_size()”)
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-221.232UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-170.188UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-92.102UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-15.15UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-250.284UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1164.177UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1117.127UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1052.57UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1012.12UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1127.133UNKNOWN
Rows per page:
1-10 of 881

References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0

Percentile

5.1%