Out-of-bounds write in Linux kernel's Performance Events system component
CVE-2023-6931

7HIGH

Key Information:

Vendor

Linux
Status
Kernel
Vendor
CVE Published:
19 December 2023

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2023-6931?

A vulnerability within the Performance Events system of the Linux kernel permits a heap out-of-bounds write due to an overflow in the read_size of a perf_event. This flaw can potentially be exploited to escalate local privileges, highlighting the importance of timely updates. Users are advised to upgrade to a version beyond commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kernel 4.3 < 6.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-6931
Created by jungju817

References

https://git.kernel.org/pub/scm/linux/kernel/git/stable/li...
patch
https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc79...
https://lists.debian.org/debian-lts-announce/2024/01/msg0...

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Budimir Markovic
JSON
.