CVE-2023-5369
CVSS V2 None
CVSS V3 None
Description
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.
This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.
Overview
- CVE ID
- CVE-2023-5369
- Assigner
- freebsd
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-10-04T03:48:53.559Z
- Last Modified Date
- 2023-10-04T03:53:02.846Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc | vendor-advisory |
| https://security.netapp.com/advisory/ntap-20231124-0009/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-5369 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5369 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 05:40:59 | Added to TrackCVE |