CVE-2023-41915

Published: 09/09/2023 Updated: 09/01/2024
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

OpenPMIx PMIx prior to 4.2.6 and 5.0.x prior to 5.0.1 allows malicious users to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

Vulnerable Product

openpmix openpmix

openpmix openpmix 5.0.0

fedoraproject fedora 37

fedoraproject fedora 38

fedoraproject fedora 39

debian debian linux 10.0

debian debian linux 12.0

Vendor Advisories

Debian Bug report logs - #1051729 pmix: CVE-2023-41915. Package: src:pmix; Maintainer for src:pmix is Alastair McKinstry <mckinstry@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 11 Sep 2023 19:39:01 UTC; Severity: grave; Tags: security, upstream; Found in version pmix/500~rc1-2; Fixed in ...

Francois Diakhate reported that a race condition in pmix, a library implementing Process Management Interface (PMI) Exascale API, could allow a malicious user to obtain ownership of an arbitrary file on the filesystem when parts of the PMIx library are called by a process with elevated privileges, resulting in privilege escalation. This may happen ...

Description: OpenPMIx PMIx is vulnerable to a race condition during execution of library code with UID 0, which allows attackers to obtain ownership of arbitrary files ...