Linux Kernel Performance Events Vulnerability
CVE-2023-5717

7.8HIGH

Key Information:

Vendor: Linux
Status: Kernel
Vendor: CVE Published:; 25 October 2023

Badges

👾 Exploit Exists

What is CVE-2023-5717?

A vulnerability in the Linux Kernel's Performance Events (perf) component allows for a heap out-of-bounds write. The issue arises when the function perf_read_group() is invoked while an event's sibling_list is smaller than its child's sibling_list, leading to potential write operations outside of the allocated memory buffer. This can be exploited for local privilege escalation, compromising system security. Users are advised to upgrade to a version past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06 to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kernel 4.4 < 6.6

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

patch

https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e5...

https://lists.debian.org/debian-lts-announce/2024/01/msg0...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jan 23, 2024
👾
Exploit known to exist
Jan 23, 2024
Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Oct 23, 2023

Credit

Budimir Markovic

JSON

Linux

Badges

What is CVE-2023-5717?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.