What is CVE-2023-3758?

CVE-2023-3758 is a high-severity vulnerability in Fedoraproject Fedora, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 7.1/10. Published 2024-04-18.

How severe is CVE-2023-3758?

High severity. CVSS v3 base score is 7.1 out of 10.

Is CVE-2023-3758 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fedoraproject Fedora

CVE-2023-3758

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Vulnerability class: Race Condition

EPSS: 0.010 (59.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Fedoraproject Fedora — versions 38, 39, 40
Fedoraproject Sssd
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8 — versions 0:2.9.4-3.el8_10
Red Hat Enterprise Linux 8.6 Extended Update Support — versions 0:2.6.2-4.el8_6.3
Red Hat Enterprise Linux 8.8 Extended Update Support — versions 0:2.8.2-4.el8_8.2
Red Hat Enterprise Linux 9 — versions 0:2.9.4-6.el9_4
Red Hat Enterprise Linux 9.0 Extended Update Support — versions 0:2.6.2-4.el9_0.3
Red Hat Enterprise Linux 9.2 Extended Update Support — versions 0:2.8.2-5.el9_2.4

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, Third Party Advisory, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Third Party Advisory, Issue Tracking)
secalert@redhat.com (Exploit, Patch, Issue Tracking)
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2023-3758?: CVE-2023-3758 is a high-severity vulnerability in Fedoraproject Fedora, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 7.1/10. Published 2024-04-18.
How severe is CVE-2023-3758?: High severity. CVSS v3 base score is 7.1 out of 10.
Is CVE-2023-3758 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.