Bug 2246945 (CVE-2023-5717) - CVE-2023-5717 kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list
Summary: CVE-2023-5717 kernel: A heap out-of-bounds write when function perf_read_grou...
Keywords:
Status: NEW
Alias: CVE-2023-5717
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2261975
Blocks: 2246946
TreeView+ depends on / blocked
 
Reported: 2023-10-30 08:44 UTC by Avinash Hanwate
Modified: 2024-04-17 19:06 UTC (History)
45 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0688 0 None None None 2024-02-05 17:04:06 UTC
Red Hat Product Errata RHBA-2024:1336 0 None None None 2024-03-14 15:40:47 UTC
Red Hat Product Errata RHBA-2024:1379 0 None None None 2024-03-19 15:00:31 UTC
Red Hat Product Errata RHSA-2024:0439 0 None None None 2024-01-24 16:36:37 UTC
Red Hat Product Errata RHSA-2024:0448 0 None None None 2024-01-24 16:38:27 UTC
Red Hat Product Errata RHSA-2024:0575 0 None None None 2024-01-30 13:22:33 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:30:47 UTC
Red Hat Product Errata RHSA-2024:0881 0 None None None 2024-02-20 12:28:49 UTC
Red Hat Product Errata RHSA-2024:0897 0 None None None 2024-02-20 12:33:31 UTC
Red Hat Product Errata RHSA-2024:1248 0 None None None 2024-03-12 00:45:27 UTC
Red Hat Product Errata RHSA-2024:1250 0 None None None 2024-03-12 00:44:35 UTC
Red Hat Product Errata RHSA-2024:1306 0 None None None 2024-03-13 09:08:20 UTC

Description Avinash Hanwate 2023-10-30 08:44:58 UTC 
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.

If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.

We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06
Comment 6 errata-xmlrpc 2024-01-24 16:36:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0439
Comment 7 errata-xmlrpc 2024-01-24 16:38:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0448 https://access.redhat.com/errata/RHSA-2024:0448
Comment 8 errata-xmlrpc 2024-01-30 13:22:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0575 https://access.redhat.com/errata/RHSA-2024:0575
Comment 9 Alex 2024-01-30 17:07:18 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2261975]
Comment 11 Justin M. Forbes 2024-02-02 22:52:33 UTC 
This was fixed for Fedora with the 6.5.9 stable kernel updates.
Comment 12 errata-xmlrpc 2024-02-07 16:30:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Comment 14 errata-xmlrpc 2024-02-20 12:28:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0881
Comment 15 errata-xmlrpc 2024-02-20 12:33:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:0897
Comment 17 errata-xmlrpc 2024-03-12 00:44:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1250
Comment 18 errata-xmlrpc 2024-03-12 00:45:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:1248
Comment 19 errata-xmlrpc 2024-03-13 09:08:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1306
Note You need to log in before you can comment on or make changes to this bug.