CVE-2023-6917

{"id": "CVE-2023-6917", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2024-02-28T15:15:07.867", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2213", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6917", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983", "tags": ["Third Party Advisory", "Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2213", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6917", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983", "tags": ["Third Party Advisory", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-378"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en el paquete Performance Co-Pilot (PCP), derivada de los niveles de privilegios mixtos utilizados por los servicios systemd asociados con PCP. Si bien ciertos servicios operan dentro de los l\u00edmites de privilegios limitados de usuario/grupo de PCP, a otros se les otorgan privilegios completos de ra\u00edz. Esta disparidad en los niveles de privilegios plantea un riesgo cuando los procesos ra\u00edz privilegiados interact\u00faan con directorios o \u00e1rboles de directorios propiedad de usuarios PCP sin privilegios. Espec\u00edficamente, esta vulnerabilidad puede comprometer el aislamiento del usuario de PCP y facilitar ataques locales de PCP a ra\u00edz, particularmente a trav\u00e9s de ataques de enlace simb\u00f3lico. Estas vulnerabilidades subrayan la importancia de mantener mecanismos s\u00f3lidos de separaci\u00f3n de privilegios dentro de PCP para mitigar la posibilidad de una escalada de privilegios no autorizada."}], "lastModified": "2025-04-01T15:34:51.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sgi:performance_co-pilot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECAFCE0C-BF3F-46DA-BFC9-D5E7BAA2F24C", "versionEndExcluding": "6.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}