CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-5369

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.6%

CVSS Severity

CVSS v3 Score 7.1

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc
https://security.netapp.com/advisory/ntap-20231124-0009/
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc
https://security.netapp.com/advisory/ntap-20231124-0009/

Products affected by CVE-2023-5369

Freebsd » Freebsd » Version: 13.2

cpe:2.3:o:freebsd:freebsd:13.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-5369

Products

Pricing

Contact Us