CVE-2023-5717 HIGH

CVE-2023-5717: Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component

Vendor Linux
Product Kernel
Weakness CWE-787
Published October 25, 2023
Last update February 25, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
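The size mismatch described above, as an added user-space model (not kernel code and not the upstream patch): the buffer is sized from the parent event's sibling list, while the accumulation loop follows each event's own list. All struct, function and variable names are hypothetical, the sample counters are constructed, and the `checked` guard is an illustrative mitigation only.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Simplified user-space model of a group read. All names are hypothetical;
 * this is not the kernel's perf code or the upstream patch. */
struct model_event {
    size_t nr_siblings;         /* length of this event's sibling list */
    uint64_t count;             /* the event's own counter */
    const uint64_t *sib_counts; /* its siblings' counters */
};
struct read_result { int err; size_t oob; uint64_t total; };
/* Constructed sample data: grown_child has more siblings than parent. */
const uint64_t sib_counts[] = { 10, 20, 30 };
const struct model_event parent = { 1, 5, sib_counts };
const struct model_event same_child = { 1, 7, sib_counts };
const struct model_event grown_child = { 3, 7, sib_counts };

/* Accumulate one group into values[]. The loop bound comes from ev, not from
 * the buffer. Slots past cap are counted in *oob instead of being written,
 * so the model itself stays memory safe. */
static void group_add(const struct model_event *ev, uint64_t *values,
                      size_t cap, size_t *oob)
{
    values[0] += ev->count;     /* cap is always at least 1 */
    for (size_t n = 1; n <= ev->nr_siblings; n++)
        if (n < cap) values[n] += ev->sib_counts[n - 1]; else (*oob)++;
}

/* checked != 0 refuses the read when the two sibling lists differ in length. */
struct read_result read_group(const struct model_event *ev,
                              const struct model_event *child, int checked)
{
    struct read_result r = { 0, 0, 0 };
    size_t cap = 1 + ev->nr_siblings;   /* buffer sized from the parent only */
    if (checked && child->nr_siblings != ev->nr_siblings) { r.err = -1; return r; }
    uint64_t *values = calloc(cap, sizeof(*values));
    if (!values) { r.err = -2; return r; }
    group_add(ev, values, cap, &r.oob);     /* parent fits by construction */
    group_add(child, values, cap, &r.oob);  /* child may need more slots */
    r.total = values[0];
    free(values);
    return r;
}

int main(void)
{
    printf("unchecked: %zu slots past buffer; checked: err=%d\n",
           read_group(&parent, &grown_child, 0).oob,
           read_group(&parent, &grown_child, 1).err);
    return 0;
}
```
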

Key dates

02 Disclosure timeline

October 25, 2023 CVE published
February 25, 2026 Record updated