cbcvebase.
CVE-2023-5717
published 2023-10-25

CVE-2023-5717: A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
debianlinux< linux 6.1.64-1 (bookworm)linux 6.1.64-1 (bookworm)
linuxkernel>= 4.4 < 6.66.6
linuxlinux_kernel
linuxlinux_kernel>= 0 < 5.10.205-25.10.205-2
linuxlinux_kernel>= 0 < 6.1.64-16.1.64-1
linuxlinux_kernel>= 0 < 6.5.10-16.5.10-1
linuxlinux_kernel>= 0 < 6.5.10-16.5.10-1
linuxlinux_kernel>= 0 < 5.4.0-169.1875.4.0-169.187
linuxlinux_kernel>= 0 < 5.15.0-91.1015.15.0-91.101
linuxlinux_kernel>= 0 < 4.4.0-248.2824.4.0-248.282
linuxlinux_kernel>= 0 < 4.15.0-220.2314.15.0-220.231
linuxlinux_kernel>= 3.16.50 < 3.173.17
linuxlinux_kernel>= 3.2.95 < 3.33.3
linuxlinux_kernel>= 4.15 < 4.19.2974.19.297
linuxlinux_kernel>= 4.20 < 5.4.2595.4.259
linuxlinux_kernel>= 4.4 < 4.14.3284.14.328
linuxlinux_kernel>= 5.11 < 5.15.1375.15.137
linuxlinux_kernel>= 5.16 < 6.1.606.1.60
linuxlinux_kernel>= 5.5 < 5.10.1995.10.199
linuxlinux_kernel>= 6.2 < 6.5.96.5.9
msrccbl2_hyperv-daemons_5.15.137.1-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.137.1-1_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
ubuntulinux-gcp

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH