{"id":"CVE-2023-5717","summary":"Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component","details":"A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.","modified":"2026-05-15T11:54:47.144611704Z","published":"2023-10-25T12:55:06.871Z","related":["ALSA-2024:0897","SUSE-SU-2023:4730-1","SUSE-SU-2023:4731-1","SUSE-SU-2023:4732-1","SUSE-SU-2023:4733-1","SUSE-SU-2023:4734-1","SUSE-SU-2023:4735-1","SUSE-SU-2023:4782-1","SUSE-SU-2023:4783-1","SUSE-SU-2023:4784-1","SUSE-SU-2023:4810-1","SUSE-SU-2023:4811-1","SUSE-SU-2023:4882-1","SUSE-SU-2023:4883-1","SUSE-SU-2024:1358-1","SUSE-SU-2024:1359-1","SUSE-SU-2024:1380-1","SUSE-SU-2024:1382-1","SUSE-SU-2024:1390-1","SUSE-SU-2024:1400-1","SUSE-SU-2024:1405-1","SUSE-SU-2024:1406-1","SUSE-SU-2024:1418-1","SUSE-SU-2024:1493-1","SUSE-SU-2024:1505-1","SUSE-SU-2024:1537-1","SUSE-SU-2024:1545-1","SUSE-SU-2024:1551-1","SUSE-SU-2024:1558-1","SUSE-SU-2024:1581-1","SUSE-SU-2024:1582-1","SUSE-SU-2024:1596-1","USN-6537-1","USN-6573-1"],"database_specific":{"cna_assigner":"Google","cwe_ids":["CWE-787"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5717.json"},"references":[{"type":"WEB","url":"https://git.kernel.org"},{"type":"WEB","url":"https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5717.json"},
{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5717"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}