What is CVE-2023-5369?

CVE-2023-5369 is a vulnerability in Freebsd, classified under Improper Check for Dropped Privileges. Published 2023-10-04.

Is CVE-2023-5369 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Freebsd

CVE-2023-5369

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call mu…

EPSS: 0.001 (23.3th percentile) — read the EPSS interpretation.

Affected products

Freebsd — versions 13.2-RELEASE

Weakness classification (CWE)

CWE-273 — Improper Check for Dropped Privileges

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc (vendor-advisory)
security.netapp.com/advisory/ntap-20231124-0009/

Frequently asked questions

What is CVE-2023-5369?: CVE-2023-5369 is a vulnerability in Freebsd, classified under Improper Check for Dropped Privileges. Published 2023-10-04.
Is CVE-2023-5369 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.