2238898 – (CVE-2023-41915) CVE-2023-41915 pmix: race condition allows attackers to obtain ownership of arbitrary files

Bug 2238898 (CVE-2023-41915) - CVE-2023-41915 pmix: race condition allows attackers to obtain ownership of arbitrary files

Summary: CVE-2023-41915 pmix: race condition allows attackers to obtain ownership of a...

Keywords:
Status:	NEW
Alias:	CVE-2023-41915
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2239125 2239124
Blocks:	2238897
TreeView+	depends on / blocked

Reported:	2023-09-14 07:58 UTC by ybuenos
Modified:	2023-09-26 06:03 UTC (History)
CC List:	1 user (show)
Fixed In Version:	PMIx 4.2.6, PMIx 5.0.1
Doc Type:	If docs needed, set a value
Doc Text:	OpenPMIx PMIx is vulnerable to a race condition during execution of library code with UID 0, which allows attackers to obtain ownership of arbitrary files.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description ybuenos 2023-09-14 07:58:40 UTC

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

https://docs.openpmix.org/en/latest/security.html
https://github.com/openpmix/openpmix/releases/tag/v5.0.1
https://github.com/openpmix/openpmix/releases/tag/v4.2.6

Comment 3 Dhananjay Arunesh 2023-09-15 11:21:24 UTC

Created pmix tracking bugs for this issue:

Affects: epel-7 [bug 2239125]
Affects: fedora-all [bug 2239124]

Note You need to log in before you can comment on or make changes to this bug.