Vulnerabilities > CVE-2023-5369 - Improper Check for Dropped Privileges vulnerability in Freebsd 13.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |