CVE-2023-6931

Updated: 2024-11-24 05:50:13.042852

Description:

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.0 | HIGH | Released | CLSA-2024:1712263970 | 2024-04-07 09:55:31 | |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.0 | HIGH | Released | CLSA-2024:1712570434 | 2024-04-08 10:42:51 | |
| CentOS 6 ELS | kernel | 2.6.32 | 7.0 | HIGH | Not Vulnerable | | 2024-05-22 11:02:36 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.0 | HIGH | Released | CLSA-2024:1720468480 | 2024-07-23 17:20:14 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.0 | HIGH | Released | CLSA-2024:1705927008 | 2024-01-22 08:40:58 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.0 | HIGH | Released | CLSA-2024:1705927642 | 2024-01-22 08:40:59 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.0 | HIGH | Already Fixed | | 2024-06-09 14:20:51 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.0 | HIGH | Not Vulnerable | | 2024-05-22 11:02:36 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.0 | HIGH | Not Vulnerable | | 2024-05-22 11:02:36 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.0 | HIGH | Released | CLSA-2024:1705078045 | 2024-01-12 13:09:03 | |
Total: 12