CVE-2023-39191

Kernel: ebpf: insufficient stack type checks in dynptr

Published: 10/4/2023 Last updated: 11/6/2025 Reserved: 7/25/2023

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	8.2	High	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (11)

Product	Vendor	Version
Red Hat Enterprise Linux 9	Red Hat	QFW7114
Red Hat Enterprise Linux 9	Red Hat	QFW7124
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	QMP1000
Red Hat Enterprise Linux 6	Red Hat	Qualcomm 215 Mobile Platform
Red Hat Enterprise Linux 7	Red Hat	Qualcommr Video Collaboration VC1 Platform
Red Hat Enterprise Linux 8	Red Hat	Qualcommr Video Collaboration VC5 Platform
Red Hat Enterprise Linux 8	Red Hat	QXM8083
Red Hat Enterprise Linux 7	Red Hat	Qualcommr Video Collaboration VC3 Platform
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	QRB5165M
Red Hat Enterprise Linux 9	Red Hat	Robotics RB2 Platform
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	QRB5165N

References (28)

Credits (2)

Red Hat would like to thank Zero Day Initiative (ZDI) for reporting this issue.
Red Hat would like to thank Zero Day Initiative (ZDI) for reporting this issue.