CVE-2023-2163
Published 2023-09-20
Priority: P2 · 79 · high
CVSS 3.1: 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 3.55% (87.8th percentile)
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe
code paths being incorrectly marked as safe, resulting in arbitrary read/write in
kernel memory, lateral privilege escalation, and container escape.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.1.27-1 (bookworm) | linux 6.1.27-1 (bookworm) |
| chrome_chrome | — | — | |
| linux | linux_kernel | < 71b547f561247897a0a14f3082730156c0533fed | 71b547f561247897a0a14f3082730156c0533fed |
| linux | linux_kernel | >= 0 < 5.10.179-1 | 5.10.179-1 |
| linux | linux_kernel | >= 0 < 6.1.27-1 | 6.1.27-1 |
| linux | linux_kernel | >= 0 < 6.1.27-1 | 6.1.27-1 |
| linux | linux_kernel | >= 0 < 6.1.27-1 | 6.1.27-1 |
| linux | linux_kernel | >= 0 < 5.4.0-162.179 | 5.4.0-162.179 |
| linux | linux_kernel | >= 0 < 5.15.0-79.86 | 5.15.0-79.86 |
| linux | linux_kernel | >= 5.11 < 5.15.109 | 5.15.109 |
| linux | linux_kernel | >= 5.16 < 6.1.26 | 6.1.26 |
| linux | linux_kernel | >= 5.3 < 5.4.242 | 5.4.242 |
| linux | linux_kernel | >= 5.5 < 5.10.179 | 5.10.179 |
| linux | linux_kernel | >= 6.2 < 6.2.13 | 6.2.13 |
| msrc | cbl2_kernel_5.15.133.1-1_on_cbl_mariner_2.0 | — | — |
Detection & IOCs
URL: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed
- Monitor for unprivileged eBPF usage; the vulnerability requires CAP_SYS_ADMIN or root to exploit when kernel.unprivileged_bpf_disabled=1 is set. Audit sysctl value to detect exposure.
- Check /proc/sys/kernel/unprivileged_bpf_disabled; a value other than 1 indicates unprivileged BPF is enabled and the system is exposed to this vulnerability.
- Affected Linux kernel versions are >=5.4; flag systems running kernel 5.4 or later without the patch commit 71b547f561247897a0a14f3082730156c0533fed applied.
- On Debian, systems running kernel versions prior to 6.1.27-1 (bookworm/forky/sid/trixie) or 5.10.179-1 (bullseye) are vulnerable and should be flagged.
- Exploitation requires CAP_SYS_ADMIN or root privileges when kernel.unprivileged_bpf_disabled=1; attack surface is significantly reduced in default RHEL configurations.
- RHEL 9.3 and later are not affected as the required patch was applied before CVE creation; RHEL 6 and 7 are also not affected.
- Scope of exploitation is local; remote exploitation is not indicated by any source.
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
osv · 8.8 HIGH
vulncheck · 10.0 CRITICAL
vendor_debian · 10.0 CRITICAL
vendor_redhat · 10.0 CRITICAL
vendor_msrc · 8.8 HIGH
vendor_ubuntu · 6.8 MEDIUM
OSV
linux-bluefield vulnerabilities
osv·2023-09-26·CVSS 6.5
CVE-2022-40982 [MEDIUM] linux-bluefield vulnerabilities
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain
sensitive information. (CVE-2022-40982)
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Zi Fan Tan discovered that the bin
OSV
CVE-2023-2163: Incorrect verifier pruning in BPF in Linux Kernel >=5
osv·2023-09-20·CVSS 8.8
CVE-2023-2163 [HIGH] CVE-2023-2163: Incorrect verifier pruning in BPF in Linux Kernel >=5
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
OSV
linux-oem-6.0 vulnerabilities
osv·2023-09-19·CVSS 4.7
CVE-2022-27672 [MEDIUM] linux-oem-6.0 vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the
do_prlimit() function in the Linux kernel did not properly handle
speculative execution barriers. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2023-0
OSV
linux-ibm, linux-ibm-5.4 vulnerabilities
osv·2023-09-11·CVSS 6.5
CVE-2022-40982 [MEDIUM] linux-ibm, linux-ibm-5.4 vulnerabilities
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain
sensitive information. (CVE-2022-40982)
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Zi Fan Tan discovered tha
OSV
linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
osv·2023-09-08·CVSS 6.8
CVE-2023-2002 [MEDIUM] linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision trac
OSV
linux-azure vulnerabilities
osv·2023-09-06·CVSS 6.8
CVE-2023-2002 [MEDIUM] linux-azure vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in certain situations, leading to an out-
of-bounds access vulnerability. A lo
OSV
linux-azure-fde-5.15 vulnerabilities
osv·2023-09-06·CVSS 5.5
CVE-2022-4269 [MEDIUM] linux-azure-fde-5.15 vulnerabilities
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Seth Jenkins discovered that the Linux kernel did not properly perform
address randomization for a per-cpu memory management structure. A local
attacker could use this to expose sensitive information (kernel
OSV
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
osv·2023-09-05·CVSS 6.8
CVE-2023-2002 [MEDIUM] linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers f
OSV
linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities
osv·2023-08-31·CVSS 6.5
CVE-2022-40982 [MEDIUM] linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain
sensitive information. (CVE-2022-40982)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
th
OSV
linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15 vulnerabilities
osv·2023-08-28·CVSS 5.5
CVE-2022-4269 [MEDIUM] linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15 vulnerabilities
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Seth Jenkins discovered that the Linux kernel did not properly perform
address randomization for a per-cpu memory management structure. A local
attacker cou
OSV
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, lin
osv·2023-08-17·CVSS 5.5
CVE-2022-4269 [MEDIUM] linux, linux-aws, linux-aws-5.15, linux-gcp, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, lin
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
S
VulnCheck
Linux Kernel Incorrect Calculation
vulncheck·2023·CVSS 10.0
CVE-2023-2163 [CRITICAL] Linux Kernel Incorrect Calculation
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe
code paths being incorrectly marked as safe, resulting in arbitrary read/write in
kernel memory, lateral privilege escalation, and container escape.
Affected: Linux Kernel
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://hs-8813571.f.hubspotemail.net/hubfs/8813571/PERISCOPE_VULNINTEL_20250903.pdf
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-2163
vendor_chrome·2023-10-06·CVSS 10.0
CVE-2023-2163 [CRITICAL] Long Term Support Channel Update for ChromeOS: CVE-2023-2163
Long Term Support Channel Update for ChromeOS
CVE-2023-2163
Ubuntu
Linux kernel (BlueField) vulnerabilities
vendor_ubuntu·2023-09-26·CVSS 6.5
CVE-2023-2002 [MEDIUM] Linux kernel (BlueField) vulnerabilities
Title: Linux kernel (BlueField) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain
sensitive information. (CVE-2022-40982)
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2023-09-19·CVSS 4.7
CVE-2023-3141 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the
do_prlimit() function in the Linux kernel did not properly handle
speculative execution barriers. A local attack
Microsoft
Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation
vendor_msrc·2023-09-12·CVSS 8.8
CVE-2023-2163 [CRITICAL] CWE-682 Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Google: Google
Customer Action Required:
Ubuntu
Linux kernel (IBM) vulnerabilities
vendor_ubuntu·2023-09-11·CVSS 6.5
CVE-2023-21255 [MEDIUM] Linux kernel (IBM) vulnerabilities
Title: Linux kernel (IBM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain
sensitive information. (CVE-2022-40982)
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-09-08·CVSS 6.8
CVE-2023-21255 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in c
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2023-09-06·CVSS 6.8
CVE-2023-2002 [MEDIUM] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision track
Ubuntu
Linux kernel (Azure CVM) vulnerabilities
vendor_ubuntu·2023-09-06·CVSS 5.5
CVE-2023-3141 [MEDIUM] Linux kernel (Azure CVM) vulnerabilities
Title: Linux kernel (Azure CVM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Seth Jenkins discovered that the Linux kernel did not properly perform
address randomization for a per-cpu memory management struct
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-09-05·CVSS 6.8
CVE-2023-2163 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in c
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2023-08-31·CVSS 6.5
CVE-2023-3777 [MEDIUM] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain
sensitive information. (CVE-2022-40982)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulner
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-08-28·CVSS 5.5
CVE-2023-33203 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Seth Jenkins discovered that the Linux kernel did not properly perform
address randomization for a per-cpu memory management structure. A local
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-08-17·CVSS 5.5
CVE-2023-33203 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Seth Jenkins discovered that the Linux kernel did not properly perform
address randomization for a per-cpu memory management structure. A local
Red Hat
kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe
vendor_redhat·2023-04-19·CVSS 10.0
CVE-2023-2163 [CRITICAL] CWE-682 kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe
code paths being incorrectly marked as safe, resulting in arbitrary read/write in
kernel memory, lateral privilege escalation, and container escape.
An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape.
Statement: Red Hat Enterprise Linux 9.3 is not affected, because the required patch was applied before this CVE was created. For Red Hat Enterprise Linux 9 before version 9.3, the required fixes were applied too.
Mitigation: The default Red Hat En
Debian
CVE-2023-2163: linux - Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code pat...
vendor_debian·2023·CVSS 10.0
CVE-2023-2163 [CRITICAL] CVE-2023-2163: linux - Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code pat...
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
Scope: local
bookworm: resolved (fixed in 6.1.27-1)
bullseye: resolved (fixed in 5.10.179-1)
forky: resolved (fixed in 6.1.27-1)
sid: resolved (fixed in 6.1.27-1)
trixie: resolved (fixed in 6.1.27-1)
No detection rules found.
No public exploits indexed.
arXiv
Agora: Trust Less and Open More in Verification for Confidential Computing
arxiv_fulltext·2025-10-13
Authors:
- Hongbo Chen (ORCID 0000-0001-9922-4351), Indiana University Bloomington, Bloomington, USA
- Quan Zhou (ORCID 0009-0003-3497-7848), The Pennsylvania State University, University Park, USA
- Sen Yang (ORCID 0000-0002-8866-2097), Yale University, New Haven, USA
- Sixuan Dang (ORCID 0000-0002-3241-9530), Duke University, Durham, USA
- Xing Han (ORCID 0009-0004-9907-0988), Hong Kong University of Science and Technology, Hong Kong, China
- Danfeng Zhang (ORCID 0000-0003-1942-6872), Duke University, Durham, USA
- Fan Zhang (ORCID 0000-0002-8525-4514), Yale University, New Haven, USA
- XiaoFeng Wang (ORCID 0000-0002-0607-4946), Nanyang Technological University, Singapore
Si
Bugzilla
CVE-2023-2163 kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe
bugzilla·2023-09-22·CVSS 8.8
CVE-2023-2163 [HIGH] CVE-2023-2163 kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:7548 https://access.redhat.com/errata/RHSA-2023:7548
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:7549 https://access.redhat.com/errata/RHS
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed
https://bughunters.google.com/blog/6303226026131456/a-deep-dive-into-cve-2023-2163-how-we-found-and-fixed-an-ebpf-linux-kernel-vulnerability