VDB

CVE-2023-5369

CVE-2023-5369 PUBLISHED CVSS 7.099999904632568 HIGH

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

EPSS 0.08% · 23.3th percentile

Risk Scores

CVSS v3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.08%
23.3th percentile

Affected Products

VendorProductVersions
FreeBSDFreeBSD13.2-RELEASE, 13.2-RELEASE, 13.2-RELEASE
freebsdfreebsd13.2, 13.2, 13.2

Timeline

  • Oct 4, 2023 EPSS Score
  • Oct 4, 2023 CVE Published
  • Nov 5, 2023 EPSS Score
  • Dec 6, 2023 EPSS Score
  • Jan 7, 2024 EPSS Score
  • Feb 7, 2024 EPSS Score
  • Mar 10, 2024 EPSS Score
  • Apr 11, 2024 EPSS Score
  • May 12, 2024 EPSS Score
  • Jun 13, 2024 EPSS Score
  • Jul 15, 2024 EPSS Score
  • Aug 15, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›