Vulnerability Details : CVE-2023-41915
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
Products affected by CVE-2023-41915
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
- cpe:2.3:a:openpmix:openpmix:*:*:*:*:*:*:*:*
- cpe:2.3:a:openpmix:openpmix:5.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-41915
- 0.49%: probability of exploitation activity in the next 30 days
- ~76%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-41915
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
CWE ids for CVE-2023-41915
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-41915
- https://github.com/openpmix/openpmix/releases/tag/v5.0.1
  Release PMIx v5.0.1 · openpmix/openpmix · GitHub (Release Notes)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/
  [SECURITY] Fedora 39 Update: slurm-22.05.9-5.fc39 - package-announce - Fedora Mailing-Lists (Mailing List)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/
  [SECURITY] Fedora 38 Update: openmpi-4.1.4-9.fc38 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/
  [SECURITY] Fedora 37 Update: slurm-22.05.9-5.fc37 - package-announce - Fedora Mailing-Lists (Mailing List)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/
  [SECURITY] Fedora 37 Update: slurm-22.05.9-5.fc37 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00048.html
  [SECURITY] [DLA 3643-1] pmix security update (Mailing List; Third Party Advisory)
- https://docs.openpmix.org/en/latest/security.html
  14. OpenPMIx Security Policy — OpenPMIx latest documentation (Not Applicable)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/
  [SECURITY] Fedora 38 Update: openmpi-4.1.4-9.fc38 - package-announce - Fedora Mailing-Lists (Mailing List)
- http://www.openwall.com/lists/oss-security/2024/07/10/6
  oss-security - Re: linux-distros application for CentOS Project's Hyperscale SIG
- http://www.openwall.com/lists/oss-security/2024/07/10/3
  oss-security - linux-distros application for CentOS Project's Hyperscale SIG
- https://www.debian.org/security/2023/dsa-5547
  Debian -- Security Information -- DSA-5547-1 pmix (Third Party Advisory)
- https://github.com/openpmix/openpmix/releases/tag/v4.2.6
  Release PMIx v4.2.6 · openpmix/openpmix · GitHub (Release Notes)
- http://www.openwall.com/lists/oss-security/2024/07/11/3
  oss-security - Re: linux-distros application for CentOS Project's Hyperscale SIG
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/
  [SECURITY] Fedora 39 Update: slurm-22.05.9-5.fc39 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2024/07/10/4
  oss-security - Re: linux-distros application for CentOS Project's Hyperscale SIG