CVE-2023-2163

Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	5.3 (including)	5.4.242 (excluding)
Linux_kernel	Linux	5.5 (including)	5.10.179 (excluding)
Linux_kernel	Linux	5.11 (including)	5.15.109 (excluding)
Linux_kernel	Linux	5.16 (including)	6.1.26 (excluding)
Linux_kernel	Linux	6.2 (including)	6.2.13 (excluding)

Potential Mitigations

Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-2163
CWE	https://cwe.mitre.org/data/definitions/682.html

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References