CVE-2023-5717

Advisory lineage Upstream: 0 Downstream: 65

Downstream

DEBIAN-CVE-2023-5717 DLA-3710-1 DLA-3711-1 DSA-5594-1 MGASA-2023-0328 MGASA-2023-0331

Modified

Published: 25 Oct 2023, 12:55

Last modified:25 Feb 2026, 17:20

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (cve.org)

EPSS Score

0.28% LOW

0% probability +0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Oct 2023, 12:55

Published

Vulnerability first disclosed

25 Feb 2026, 17:20

Last Modified

Vulnerability information updated

Description

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.28%• Percentile: 52%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

Unknown•Kernel
≥ 4.4, < 6.6
linux•linux_kernel
≥ 3.2.95, < 3.3 | ≥ 3.16.50, < 3.17 | ≥ 4.4, < 4.14.328 | ≥ 4.15, < 4.19.297 | ≥ 4.20, < 5.4.259 | ≥ 5.5, < 5.10.199 | ≥ 5.11, < 5.15.137 | ≥ 5.16, < 6.1.60 | ≥ 6.2, < 6.5.9 | 6.6:rc1 | 6.6:rc2 | 6.6:rc3 | 6.6:rc4 | 6.6:rc5 | 6.6:rc6