CVE-2023-5369

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.

This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

Published: Oct 4, 2023
Updated: Oct 11, 2023
CVE: CVE-2023-5369
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-273

Affected Software
References

Software	From	Fixed in
freebsd / freebsd	13.2	13.2.x

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc
https://security.netapp.com/advisory/ntap-20231124-0009/

Vulnerability Database

289,599

CVE-2023-5369