CVE-2023-39191

Summary

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 90:5.14.0-362.8.1.el9_3 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-362.8.1.el9_3 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:5.14.0-284.48.1.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:5.14.0-284.48.1.rt14.333.el9_2 < *unaffected

Weaknesses

  • CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References