CVE-2023-6931

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.0
v2 : unknown
v3 : 7.8
References () https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b - Mailing List, Patch () https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b - Mailing List, Patch
References () https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b - Patch () https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b - Patch
References () https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html - Mailing List, Third Party Advisory

01 Feb 2024, 18:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 7.0
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References
  • () https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html - Mailing List, Third Party Advisory
  • () https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html - Mailing List, Third Party Advisory

28 Dec 2023, 17:00

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b - () https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b - Mailing List, Patch
References () https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b - () https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b - Patch

19 Dec 2023, 14:49

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-19 14:15

Updated : 2024-11-21 08:44


NVD link : CVE-2023-6931

Mitre link : CVE-2023-6931

CVE.ORG link : CVE-2023-6931


JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-787

Out-of-bounds Write