← Back to CVE List

CVE-2023-5369

Published: 2023-10-04T04:15Z
Last Modified: 2024-11-21T08:41Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt