fkie_cve-2023-6917
Vulnerability from fkie_nvd
Published
2024-02-28 15:15
Modified
2024-11-21 08:44
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2213
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-6917
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2254983
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2213
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-6917
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2254983
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en el paquete Performance Co-Pilot (PCP), derivada de los niveles de privilegios mixtos utilizados por los servicios systemd asociados con PCP. Si bien ciertos servicios operan dentro de los l\u00edmites de privilegios limitados de usuario/grupo de PCP, a otros se les otorgan privilegios completos de ra\u00edz. Esta disparidad en los niveles de privilegios plantea un riesgo cuando los procesos ra\u00edz privilegiados interact\u00faan con directorios o \u00e1rboles de directorios propiedad de usuarios PCP sin privilegios. Espec\u00edficamente, esta vulnerabilidad puede comprometer el aislamiento del usuario de PCP y facilitar ataques locales de PCP a ra\u00edz, particularmente a trav\u00e9s de ataques de enlace simb\u00f3lico. Estas vulnerabilidades subrayan la importancia de mantener mecanismos s\u00f3lidos de separaci\u00f3n de privilegios dentro de PCP para mitigar la posibilidad de una escalada de privilegios no autorizada."
    }
  ],
  "id": "CVE-2023-6917",
  "lastModified": "2024-11-21T08:44:49.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-28T15:15:07.867",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2213"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2023-6917"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/security/cve/CVE-2023-6917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-378"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.