CVE-2023-6931

HIGH

Linux Kernel < 6.7 - Out-of-Bounds Write

Title source: rule

Description

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

Exploits (1)

nomisec WORKING POC 2 stars

by K0n9-log · poc

https://github.com/K0n9-log/CVE-2023-6931

View Code ZIP pw:eip

References (4)

Core 4

Core References

Patch

https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html

Mailing List, Patch patch

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b

Scores

CVSS v3 7.8

EPSS 0.0044

EPSS Percentile 63.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (2)

debian/debian_linux 10.0

linux/linux_kernel 4.3 - 6.7

Published Dec 19, 2023

Tracked Since Feb 18, 2026