CVE-2023-5717

{"id": "CVE-2023-5717", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-10-25T18:17:43.913", "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06", "tags": ["Mailing List", "Patch"], "source": "cve-coordination@google.com"}, {"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06", "tags": ["Patch"], "source": "cve-coordination@google.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.\n\n"}, {"lang": "es", "value": "Se puede aprovechar una vulnerabilidad de escritura fuera de l\u00edmites del mont\u00f3n en el componente Linux Kernel Performance Events (perf) del kernel de Linux para lograr una escalada de privilegios local. Si se llama a perf_read_group() mientras la lista de hermanos de un evento es m\u00e1s peque\u00f1a que la lista de hermanos de su hijo, puede incrementar o escribir en ubicaciones de memoria fuera del b\u00fafer asignado. Recomendamos actualizar despu\u00e9s del commit 32671e3799ca2e4590773fd0e63aaa4229e50c06."}], "lastModified": "2024-11-21T08:42:20.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0791B33-98B2-4081-91D6-F6E6C6342088", "versionEndExcluding": "3.3", "versionStartIncluding": "3.2.95"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04CF39E5-B417-4D51-8790-B5A3C24CF085", "versionEndExcluding": "3.17", "versionStartIncluding": "3.16.50"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C31A02B-0175-4A49-8B2A-63D1F07114C2", "versionEndExcluding": "4.14.328", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02978144-891F-40EF-83B8-59063740AEF6", "versionEndExcluding": "4.19.297", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9F46843-24C9-4AC7-B6BB-1EF101D05435", "versionEndExcluding": "5.4.259", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D886A8D-A6CD-44FA-ACF5-DD260ECA7A1B", "versionEndExcluding": "5.10.199", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED031B8B-BFA9-4475-A6D1-1419BDE46E7D", "versionEndExcluding": "5.15.137", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8DBCAF5-D3B4-4DBB-A86B-26B0A6F7B805", "versionEndExcluding": "6.1.60", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7530F3AE-8FCB-4E55-B216-62CE4E1CEDA3", "versionEndExcluding": "6.5.9", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}