CVE-2023-5717

HIGH 7.8

Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

CWE	CWE-787
Vendor	linux
Product	kernel
Ecosystems	Linux Kernel
Industries	Technology
Published	Oct 25, 2023
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for linux kernel

Be the first to know when new high vulnerabilities affecting linux kernel are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Linux / Kernel

4.4 < 6.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06 kernel.dance: https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06 lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html

Credits

Budimir Markovic