CVE-2023-3758

Description

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

CVSS Metrics

• v3.1•HIGH•Score: 7.1CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

• fedoraproject•fedora

  38 | 39 | 40

• fedoraproject•sssd

  < 2.9.5

• redhat•codeready_linux_builder

  8.0

• redhat•codeready_linux_builder_eus

  8.6 | 8.8 | 9.0 | 9.2 | 9.4 | 9.6

• redhat•codeready_linux_builder_for_arm64

  8.0_aarch64

• redhat•codeready_linux_builder_for_arm64_eus

  8.6_aarch64 | 8.8_aarch64 | 9.0_aarch64 | 9.2_aarch64 | 9.4_aarch64 | 9.6_aarch64

• redhat•codeready_linux_builder_for_ibm_z_systems

  8.0_s390x

• redhat•codeready_linux_builder_for_ibm_z_systems_eus

  8.6_s390x | 8.8_s390x | 9.0_s390x | 9.2_s390x | 9.4_s390x | 9.6_s390x

• redhat•codeready_linux_builder_for_power_little_endian

  8.0_ppc64le

• redhat•codeready_linux_builder_for_power_little_endian_eus

  8.6_ppc64le | 8.8_ppc64le | 9.0_ppc64le | 9.2_ppc64le | 9.4_ppc64le | 9.6_ppc64le

• redhat•enterprise_linux

  8.0

• redhat•enterprise_linux_eus

  8.6 | 8.8 | 9.0 | 9.2 | 9.4 | 9.6

• redhat•enterprise_linux_for_arm_64

  8.0_aarch64

• redhat•enterprise_linux_for_arm_64_eus

  8.6_aarch64 | 8.8_aarch64 | 9.0_aarch64 | 9.2_aarch64 | 9.4_aarch64 | 9.6_aarch64

• redhat•enterprise_linux_for_ibm_z_systems

  8.0_s390x

• redhat•enterprise_linux_for_ibm_z_systems_eus

  8.6_s390x | 8.8_s390x | 9.0_s390x | 9.2_s390x | 9.4_s390x | 9.6_s390x

• redhat•enterprise_linux_for_power_little_endian

  8.0_ppc64le

• redhat•enterprise_linux_for_power_little_endian_eus

  8.6_ppc64le | 8.8_ppc64le | 9.0_ppc64le | 9.2_ppc64le | 9.4_ppc64le | 9.6_ppc64le

• redhat•enterprise_linux_server_aus

  8.6 | 9.2 | 9.4 | 9.6

• redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

  8.6_ppc64le | 8.8_ppc64le | 9.0_ppc64le | 9.2_ppc64le | 9.4_ppc64le | 9.6_ppc64le

• redhat•enterprise_linux_server_tus

  8.6 | 8.8

• redhat•enterprise_linux_update_services_for_sap_solutions

  8.6 | 8.8 | 9.0 | 9.2 | 9.4 | 9.6

• redhat•virtualization_host

  4.0

References (13)

• https://access.redhat.com/errata/RHSA-2024:1919
• https://access.redhat.com/errata/RHSA-2024:1920
• https://access.redhat.com/errata/RHSA-2024:1921
• https://access.redhat.com/errata/RHSA-2024:1922
• https://access.redhat.com/errata/RHSA-2024:2571
• https://access.redhat.com/errata/RHSA-2024:3270
• https://access.redhat.com/security/cve/CVE-2023-3758
• https://bugzilla.redhat.com/show_bug.cgi?id=2223762
• https://github.com/SSSD/sssd/pull/7302
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/
• https://lists.debian.org/debian-lts-announce/2025/02/msg00008.html