CVE-2023-39191

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

Published: Oct 4, 2023
Updated: Oct 7, 2023
CVE: CVE-2023-39191
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	38	38.x
redhat / enterprise_linux	9.0	9.0.x
linux / linux_kernel	5.19	6.3

https://access.redhat.com/errata/RHSA-2023:6583
https://access.redhat.com/errata/RHSA-2024:0381
https://access.redhat.com/errata/RHSA-2024:0439
https://access.redhat.com/errata/RHSA-2024:0448
https://access.redhat.com/security/cve/CVE-2023-39191
https://bugzilla.redhat.com/show_bug.cgi?id=2226783
https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399/

Vulnerability Database

290,278

CVE-2023-39191