CVE-2023-5369

04.10.2023, 04:15

Before correction, thecopy_file_rangesystem call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively.  Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.

This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
freebsd	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
freebsd	freebsd	13.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-273 - Improper Check for Dropped Privileges
The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc

https://security.netapp.com/advisory/ntap-20231124-0009/

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc

https://security.netapp.com/advisory/ntap-20231124-0009/