CVE-2023-29145

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

Published: Jun 30, 2023
Updated: Jul 12, 2023
CVE: CVE-2023-29145
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
malwarebytes / malwarebytes	-	1.0.14.x
malwarebytes / endpoint_detection_and_response	-	1.0.11.x

https://malwarebytes.com
https://www.malwarebytes.com/secure/cves/cve-2023-29145

Vulnerability Database

289,697

CVE-2023-29145