vulnerability
CentOS Linux: CVE-2023-39191: Important: kernel security, bug fix, and enhancement update (CESA-2023:6583)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:M/C:C/I:C/A:C) | Oct 4, 2023 | Nov 8, 2023 | Jan 28, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:M/C:C/I:C/A:C)
Published
Oct 4, 2023
Added
Nov 8, 2023
Modified
Jan 28, 2025
Description
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
Solution
centos-upgrade-kernel
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.