Vulnerability Details CVE-2023-41915
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.4%
CVSS Severity
CVSS v3 Score 8.1
References
- http://www.openwall.com/lists/oss-security/2024/07/10/3
- http://www.openwall.com/lists/oss-security/2024/07/10/4
- http://www.openwall.com/lists/oss-security/2024/07/10/6
- http://www.openwall.com/lists/oss-security/2024/07/11/3
- https://docs.openpmix.org/en/latest/security.html
- https://github.com/openpmix/openpmix/releases/tag/v4.2.6
- https://github.com/openpmix/openpmix/releases/tag/v5.0.1
- https://lists.debian.org/debian-lts-announce/2023/10/msg00048.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/
- https://www.debian.org/security/2023/dsa-5547
- http://www.openwall.com/lists/oss-security/2024/07/10/3
- http://www.openwall.com/lists/oss-security/2024/07/10/4
- http://www.openwall.com/lists/oss-security/2024/07/10/6
- http://www.openwall.com/lists/oss-security/2024/07/11/3
- https://docs.openpmix.org/en/latest/security.html
- https://github.com/openpmix/openpmix/releases/tag/v4.2.6
- https://github.com/openpmix/openpmix/releases/tag/v5.0.1
- https://lists.debian.org/debian-lts-announce/2023/10/msg00048.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/
- https://www.debian.org/security/2023/dsa-5547
Products affected by CVE-2023-41915
-
cpe:2.3:a:openpmix:openpmix:-
-
cpe:2.3:a:openpmix:openpmix:1.0.0
-
cpe:2.3:a:openpmix:openpmix:1.1.0
-
cpe:2.3:a:openpmix:openpmix:1.1.1
-
cpe:2.3:a:openpmix:openpmix:1.1.2
-
cpe:2.3:a:openpmix:openpmix:1.1.3
-
cpe:2.3:a:openpmix:openpmix:1.1.4
-
cpe:2.3:a:openpmix:openpmix:1.1.5
-
cpe:2.3:a:openpmix:openpmix:1.2.0
-
cpe:2.3:a:openpmix:openpmix:1.2.1
-
cpe:2.3:a:openpmix:openpmix:1.2.2
-
cpe:2.3:a:openpmix:openpmix:1.2.3
-
cpe:2.3:a:openpmix:openpmix:1.2.4
-
cpe:2.3:a:openpmix:openpmix:1.2.5
-
cpe:2.3:a:openpmix:openpmix:2.0.0
-
cpe:2.3:a:openpmix:openpmix:2.0.1
-
cpe:2.3:a:openpmix:openpmix:2.0.2
-
cpe:2.3:a:openpmix:openpmix:2.0.3
-
cpe:2.3:a:openpmix:openpmix:2.1.0
-
cpe:2.3:a:openpmix:openpmix:2.1.1
-
cpe:2.3:a:openpmix:openpmix:2.1.2
-
cpe:2.3:a:openpmix:openpmix:2.1.3
-
cpe:2.3:a:openpmix:openpmix:2.1.4
-
cpe:2.3:a:openpmix:openpmix:2.2.0
-
cpe:2.3:a:openpmix:openpmix:2.2.1
-
cpe:2.3:a:openpmix:openpmix:2.2.2
-
cpe:2.3:a:openpmix:openpmix:2.2.3
-
cpe:2.3:a:openpmix:openpmix:2.2.4
-
cpe:2.3:a:openpmix:openpmix:2.2.5
-
cpe:2.3:a:openpmix:openpmix:3.0.0
-
cpe:2.3:a:openpmix:openpmix:3.0.1
-
cpe:2.3:a:openpmix:openpmix:3.0.2
-
cpe:2.3:a:openpmix:openpmix:3.1.0
-
cpe:2.3:a:openpmix:openpmix:3.1.1
-
cpe:2.3:a:openpmix:openpmix:3.1.2
-
cpe:2.3:a:openpmix:openpmix:3.1.3
-
cpe:2.3:a:openpmix:openpmix:3.1.4
-
cpe:2.3:a:openpmix:openpmix:3.1.5
-
cpe:2.3:a:openpmix:openpmix:3.1.6
-
cpe:2.3:a:openpmix:openpmix:3.1.7
-
cpe:2.3:a:openpmix:openpmix:3.2.0
-
cpe:2.3:a:openpmix:openpmix:3.2.1
-
cpe:2.3:a:openpmix:openpmix:3.2.2
-
cpe:2.3:a:openpmix:openpmix:3.2.3
-
cpe:2.3:a:openpmix:openpmix:3.2.4
-
cpe:2.3:a:openpmix:openpmix:3.2.5
-
cpe:2.3:a:openpmix:openpmix:4.0.0
-
cpe:2.3:a:openpmix:openpmix:4.0.1
-
cpe:2.3:a:openpmix:openpmix:4.1.0
-
cpe:2.3:a:openpmix:openpmix:4.1.1
-
cpe:2.3:a:openpmix:openpmix:4.1.2
-
cpe:2.3:a:openpmix:openpmix:4.1.3
-
cpe:2.3:a:openpmix:openpmix:4.2.0
-
cpe:2.3:a:openpmix:openpmix:4.2.1
-
cpe:2.3:a:openpmix:openpmix:4.2.2
-
cpe:2.3:a:openpmix:openpmix:4.2.3
-
cpe:2.3:a:openpmix:openpmix:4.2.4
-
cpe:2.3:a:openpmix:openpmix:4.2.5
-
cpe:2.3:a:openpmix:openpmix:5.0.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:12.0
-
cpe:2.3:o:fedoraproject:fedora:37
-
cpe:2.3:o:fedoraproject:fedora:38
-
cpe:2.3:o:fedoraproject:fedora:39