CVE-2023-39191

Kernel: ebpf: insufficient stack type checks in dynptr

Published: 10/4/2023 Last updated: 11/6/2025 Reserved: 7/25/2023

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	8.2	High	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (22)

Product	Vendor	Version
Red Hat Enterprise Linux 9	Red Hat	<= 6.12.*
Red Hat Enterprise Linux 9	Red Hat	<= 6.17.*
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	<= *
Red Hat Enterprise Linux 6	Red Hat	< 4479db143390bdcadc1561292aab579cdfa9f6c6
Red Hat Enterprise Linux 7	Red Hat	< a2182743a8b4969481f64aec4908ff162e8a206c
Red Hat Enterprise Linux 8	Red Hat	6.13
Red Hat Enterprise Linux 9	Red Hat	QFW7114
Red Hat Enterprise Linux 9	Red Hat	QFW7124
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	QMP1000
Red Hat Enterprise Linux 6	Red Hat	Qualcomm 215 Mobile Platform
Red Hat Enterprise Linux 7	Red Hat	Qualcommr Video Collaboration VC1 Platform
Red Hat Enterprise Linux 8	Red Hat	Qualcommr Video Collaboration VC5 Platform
Red Hat Enterprise Linux 9	Red Hat	Robotics RB2 Platform
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	< b8ced2b9a23a1a2c1e0ed8d0d02512e51bdf38da
Red Hat Enterprise Linux 9	Red Hat	<= 6.12.*
Red Hat Enterprise Linux 8	Red Hat	QXM8083
Red Hat Enterprise Linux 7	Red Hat	Qualcommr Video Collaboration VC3 Platform
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	QRB5165M
Red Hat Enterprise Linux 7	Red Hat	ff4528bbc82d0d90073751f7b49e7b9e9c7e5638
Red Hat Enterprise Linux 8	Red Hat	<= 6.6.*
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	< 43f26094d6702e494e800532c3f1606e7a68eb30
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	QRB5165N

References (28)

Credits (2)

Red Hat would like to thank Zero Day Initiative (ZDI) for reporting this issue.
Red Hat would like to thank Zero Day Initiative (ZDI) for reporting this issue.