{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5717", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2023-10-23T10:49:09.250Z", "datePublished": "2023-10-25T12:55:06.871Z", "dateUpdated": "2025-02-13T17:25:43.494Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-01-11T19:06:46.196Z"}, "title": "Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component", "datePublic": "2023-10-19T08:09:42.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "Linux", "product": "Kernel", "packageName": "kernel", "repo": "https://git.kernel.org", "versions": [{"status": "affected", "version": "4.4", "lessThan": "6.6", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06."}], "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06", "tags": ["patch"]}, {"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Budimir Markovic", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:32.716Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06", "tags": ["patch", "x_transferred"]}, {"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0791B33-98B2-4081-91D6-F6E6C6342088", "versionEndExcluding": "3.3", "versionStartIncluding": "3.2.95", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "04CF39E5-B417-4D51-8790-B5A3C24CF085", "versionEndExcluding": "3.17", "versionStartIncluding": "3.16.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C31A02B-0175-4A49-8B2A-63D1F07114C2", "versionEndExcluding": "4.14.328", "versionStartIncluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "02978144-891F-40EF-83B8-59063740AEF6", "versionEndExcluding": "4.19.297", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9F46843-24C9-4AC7-B6BB-1EF101D05435", "versionEndExcluding": "5.4.259", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D886A8D-A6CD-44FA-ACF5-DD260ECA7A1B", "versionEndExcluding": "5.10.199", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED031B8B-BFA9-4475-A6D1-1419BDE46E7D", "versionEndExcluding": "5.15.137", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8DBCAF5-D3B4-4DBB-A86B-26B0A6F7B805", "versionEndExcluding": "6.1.60", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7530F3AE-8FCB-4E55-B216-62CE4E1CEDA3", "versionEndExcluding": "6.5.9", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*", "matchCriteriaId": "E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06."}, {"lang": "es", "value": "Se puede aprovechar una vulnerabilidad de escritura fuera de l\u00edmites del mont\u00f3n en el componente Linux Kernel Performance Events (perf) del kernel de Linux para lograr una escalada de privilegios local. Si se llama a perf_read_group() mientras la lista de hermanos de un evento es m\u00e1s peque\u00f1a que la lista de hermanos de su hijo, puede incrementar o escribir en ubicaciones de memoria fuera del b\u00fafer asignado. Recomendamos actualizar despu\u00e9s del commit 32671e3799ca2e4590773fd0e63aaa4229e50c06."}], "id": "CVE-2023-5717", "lastModified": "2025-02-13T18:15:59.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-25T18:17:43.913", "references": [{"source": "cve-coordination@google.com", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"}, {"source": "cve-coordination@google.com", "tags": ["Patch"], "url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"}, {"source": "cve-coordination@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"}, {"source": "cve-coordination@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve-coordination@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0881", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-20T00:00:00Z"}, {"advisory": "RHSA-2024:0897", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-513.18.1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-20T00:00:00Z"}, {"advisory": "RHSA-2024:0724", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.91.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:0575", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.43.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:1248", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.24.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-03-12T00:00:00Z"}, {"advisory": "RHSA-2024:1248", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.24.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-03-12T00:00:00Z"}, {"advisory": "RHSA-2024:1250", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "kernel-0:5.14.0-70.93.2.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-03-12T00:00:00Z"}, {"advisory": "RHSA-2024:1306", "cpe": "cpe:/a:redhat:rhel_eus:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.93.1.rt21.165.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:0448", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.48.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0439", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.48.1.rt14.333.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0724", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.91.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.8.6-22", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.8.6-11", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch6-rhel9:v6.8.1-407", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-operator-bundle:v5.8.6-19", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-479", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-rhel9-operator:v5.8.6-7", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-247", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/fluentd-rhel9:v5.8.6-5", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-227", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-curator5-rhel9:v5.8.1-470", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-loki-rhel9:v2.9.6-14", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.8.6-2", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-operator-bundle:v5.8.6-24", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-rhel9-operator:v5.8.6-10", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-525", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-224", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/vector-rhel9:v0.28.1-56", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}], "bugzilla": {"description": "kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list", "id": "2246945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246945"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.", "A flaw was found in the Linux kernel's Performance Events system component. A condition can be triggered that allows data to be written past the end or before the beginning of the intended memory buffer. This issue may lead to a system crash, code execution, or local privilege escalation."], "mitigation": {"lang": "en:us", "value": "It is not possible to trigger this issue with the default kernel.perf_event_paranoid sysctl value 2. You may check it with:\ncat /proc/sys/kernel/perf_event_paranoid"}, "name": "CVE-2023-5717", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-10-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5717\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5717\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"], "threat_severity": "Moderate"}