An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T02:22:17.904Z

Reserved: 2023-07-25T16:01:14.836Z

Link: CVE-2023-39191

cve-icon Vulnrichment

Updated: 2024-08-02T18:02:06.886Z

cve-icon NVD

Status : Modified

Published: 2023-10-04T19:15:10.210

Modified: 2024-11-21T08:14:52.967

Link: CVE-2023-39191

cve-icon Redhat

Severity : Important

Publid Date: 2023-09-29T00:00:00Z

Links: CVE-2023-39191 - Bugzilla

cve-icon OpenCVE Enrichment

No data.