CVE-2023-5717
Summary
| CVE | CVE-2023-5717 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-10-25 18:17:00 UTC |
|---|
| Updated | 2023-11-04 03:24:00 UTC |
|---|
| Description | A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06 |
MISC |
kernel.dance |
|
| kernel/git/torvalds/linux.git - Linux kernel source tree |
MISC |
git.kernel.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161372 Oracle Enterprise Linux Security Update for kernel (ELSA-2024-12169)
- 161402 Oracle Enterprise Linux Security Update for kernel (ELSA-2024-0897)
- 161417 Oracle Enterprise Linux Security Update for kernel (ELSA-2024-1248)
- 199929 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6497-1)
- 199936 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6494-1)
- 199970 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6494-2)
- 199976 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-1)
- 199979 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6532-1)
- 199980 Ubuntu Security Notification for Linux kernel Vulnerability (USN-6536-1)
- 199982 Ubuntu Security Notification for Linux kernel (GCP) Vulnerability (USN-6537-1)
- 199996 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6549-1)
- 199997 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6548-1)
- 199999 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6548-2)
- 200002 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-2)
- 200003 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-6549-2)
- 200006 Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6548-3)
- 200007 Ubuntu Security Notification for Linux kernel (Low Latency) Vulnerabilities (USN-6549-3)
- 200010 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6534-3)
- 200024 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6549-4)
- 200035 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6549-5)
- 200037 Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6548-5)
- 200113 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6635-1)
- 242789 Red Hat Update for kernel (RHSA-2024:0575)
- 242845 Red Hat Update for kernel (RHSA-2024:0448)
- 242846 Red Hat Update for kernel-rt (RHSA-2024:0439)
- 242890 Red Hat Update for kernel (RHSA-2024:0724)
- 242939 Red Hat Update for kernel (RHSA-2024:0897)
- 242983 Red Hat Update for kernel-rt (RHSA-2024:0881)
- 243050 Red Hat Update for kernel (RHSA-2024:1250)
- 243052 Red Hat Update for kernel (RHSA-2024:1248)
- 243062 Red Hat Update for kernel-rt (RHSA-2024:1306)
- 356736 Amazon Linux Security Advisory for kernel : ALAS2-2023-2340
- 356744 Amazon Linux Security Advisory for kernel : ALAS-2023-1883
- 356874 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-056
- 356887 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-043
- 356889 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2023-030
- 356908 Amazon Linux Security Advisory for kernel : ALAS2023-2023-430
- 356919 Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-026
- 356921 Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-022
- 356922 Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-023
- 356923 Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-024
- 356924 Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-025
- 356925 Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-021
- 379435 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2024:0012)
- 379614 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2024:0017)
- 6000419 Debian Security Update for linux (DSA 5594-1)
- 6000428 Debian Security Update for linux-5.10 (DLA 3711-1)
- 6000429 Debian Security Update for linux (DLA 3710-1)
- 6140011 AWS Bottlerocket Security Update for kernel (GHSA-4wjq-xvff-wqvw)
- 6140205 AWS Bottlerocket Security Update for kernel (GHSA-4wjq-xvff-wqvw)
- 673534 EulerOS Security Update for kernel (EulerOS-SA-2024-1086)
- 673595 EulerOS Security Update for kernel (EulerOS-SA-2023-3247)
- 673644 EulerOS Security Update for kernel (EulerOS-SA-2023-3336)
- 673692 EulerOS Security Update for kernel (EulerOS-SA-2023-3275)
- 673923 EulerOS Security Update for kernel (EulerOS-SA-2024-1062)
- 673995 EulerOS Security Update for kernel (EulerOS-SA-2024-1275)
- 674042 EulerOS Security Update for kernel (EulerOS-SA-2023-3304)
- 755395 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4784-1)
- 755479 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4882-1)
- 755480 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:4883-1)
- 907621 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (31814-1)
- 907646 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (31774-1)
- 941584 AlmaLinux Security Update for kernel (ALSA-2024:0897)
