Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-39191

Опубликовано: 04 окт. 2023
Источник: nvd
CVSS3: 8.2
EPSS Низкий

Описание

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.19 (включая) до 6.3 (исключая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 1%
0.00012
Низкий

8.2 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2023-39191

CVSS3: 8.2
ubuntu
больше 1 года назад

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

redhat логотип

CVE-2023-39191

CVSS3: 8.2
redhat
больше 1 года назад

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

debian логотип

CVE-2023-39191

CVSS3: 8.2
debian
больше 1 года назад

An improper input validation flaw was found in the eBPF subsystem in t ...

github логотип

GHSA-gxg7-pxwf-9r28

CVSS3: 8.2
github
больше 1 года назад

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

fstec логотип

BDU:2023-06203

CVSS3: 8.2
fstec
больше 2 лет назад

Уязвимость подсистемы eBPF ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 1%
0.00012
Низкий

8.2 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo