How severe is CVE-2023-5369?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2023-5369?

This is classified as CWE-273, which is a common weakness in software security.

CVE-2023-5369 - HIGH Severity | CVSS 7.1

Vulnerability Description

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

Related Vulnerabilities

CVE-2024-25420

HIGH

CVSS:7.2(High)

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

CWE-2732024

CVE-2006-2916

HIGH

CVSS:7.8(High)

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing...

CWE-2732006

CVE-2018-8599

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elev...

CWE-2732018

CVE-2019-18276

HIGH

CVSS:7.8(High)

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by settin...

CWE-2732019

CVE-2019-20044

HIGH

CVSS:7.8(High)

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by e...

CWE-2732019

CVE-2022-0358

HIGH

CVSS:7.8(High)

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories sha...

CWE-2732022