CVE-2023-39191

CVSS V2 None CVSS V3 None
Description
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
Overview
  • CVE ID
  • CVE-2023-39191
  • Assigner
  • redhat
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-10-04T18:03:02.966Z
  • Last Modified Date
  • 2024-05-01T20:20:52.222Z
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2023:6583 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0381 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0439 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0448 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-39191 vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2226783 issue-tracking x_refsource_REDHAT
https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399/
History
Created Old Value New Value Data Type Notes
2024-06-25 19:06:05 Added to TrackCVE