Unrated severityNVD Advisory· Published Feb 28, 2024· Updated Feb 25, 2026

Pcp: unsafe use of directories allows pcp to root privilege escalation

CVE-2023-6917

Description

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

120

Red Hat/Enterprise Linux Servercpe-rescue4 versions
cpe:/a:redhat:enterprise_linux:9::appstream+ 3 more
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 0:6.2.0-1.el9
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
Sgi/Performance Co Pilotllm-fuzzy
osv-coords115 versions
pkg:rpm/almalinux/pcp pkg:rpm/almalinux/pcp-conf pkg:rpm/almalinux/pcp-devel pkg:rpm/almalinux/pcp-doc pkg:rpm/almalinux/pcp-export-pcp2elasticsearch pkg:rpm/almalinux/pcp-export-pcp2graphite pkg:rpm/almalinux/pcp-export-pcp2influxdb pkg:rpm/almalinux/pcp-export-pcp2json pkg:rpm/almalinux/pcp-export-pcp2spark pkg:rpm/almalinux/pcp-export-pcp2xml pkg:rpm/almalinux/pcp-export-pcp2zabbix pkg:rpm/almalinux/pcp-export-zabbix-agent pkg:rpm/almalinux/pcp-geolocate pkg:rpm/almalinux/pcp-gui pkg:rpm/almalinux/pcp-import-collectl2pcp pkg:rpm/almalinux/pcp-import-ganglia2pcp pkg:rpm/almalinux/pcp-import-iostat2pcp pkg:rpm/almalinux/pcp-import-mrtg2pcp pkg:rpm/almalinux/pcp-import-sar2pcp pkg:rpm/almalinux/pcp-libs pkg:rpm/almalinux/pcp-libs-devel pkg:rpm/almalinux/pcp-pmda-activemq pkg:rpm/almalinux/pcp-pmda-apache pkg:rpm/almalinux/pcp-pmda-bash pkg:rpm/almalinux/pcp-pmda-bcc pkg:rpm/almalinux/pcp-pmda-bind2 pkg:rpm/almalinux/pcp-pmda-bonding pkg:rpm/almalinux/pcp-pmda-bpf pkg:rpm/almalinux/pcp-pmda-bpftrace pkg:rpm/almalinux/pcp-pmda-cifs pkg:rpm/almalinux/pcp-pmda-cisco pkg:rpm/almalinux/pcp-pmda-dbping pkg:rpm/almalinux/pcp-pmda-denki pkg:rpm/almalinux/pcp-pmda-dm pkg:rpm/almalinux/pcp-pmda-docker pkg:rpm/almalinux/pcp-pmda-ds389 pkg:rpm/almalinux/pcp-pmda-ds389log pkg:rpm/almalinux/pcp-pmda-elasticsearch pkg:rpm/almalinux/pcp-pmda-farm pkg:rpm/almalinux/pcp-pmda-gfs2 pkg:rpm/almalinux/pcp-pmda-gluster pkg:rpm/almalinux/pcp-pmda-gpfs pkg:rpm/almalinux/pcp-pmda-gpsd pkg:rpm/almalinux/pcp-pmda-hacluster pkg:rpm/almalinux/pcp-pmda-haproxy pkg:rpm/almalinux/pcp-pmda-infiniband pkg:rpm/almalinux/pcp-pmda-json pkg:rpm/almalinux/pcp-pmda-libvirt pkg:rpm/almalinux/pcp-pmda-lio pkg:rpm/almalinux/pcp-pmda-lmsensors pkg:rpm/almalinux/pcp-pmda-logger pkg:rpm/almalinux/pcp-pmda-lustre pkg:rpm/almalinux/pcp-pmda-lustrecomm pkg:rpm/almalinux/pcp-pmda-mailq pkg:rpm/almalinux/pcp-pmda-memcache pkg:rpm/almalinux/pcp-pmda-mic pkg:rpm/almalinux/pcp-pmda-mongodb pkg:rpm/almalinux/pcp-pmda-mounts pkg:rpm/almalinux/pcp-pmda-mssql pkg:rpm/almalinux/pcp-pmda-mysql pkg:rpm/almalinux/pcp-pmda-named pkg:rpm/almalinux/pcp-pmda-netcheck pkg:rpm/almalinux/pcp-pmda-netfilter pkg:rpm/almalinux/pcp-pmda-news pkg:rpm/almalinux/pcp-pmda-nfsclient pkg:rpm/almalinux/pcp-pmda-nginx pkg:rpm/almalinux/pcp-pmda-nvidia-gpu pkg:rpm/almalinux/pcp-pmda-openmetrics pkg:rpm/almalinux/pcp-pmda-openvswitch pkg:rpm/almalinux/pcp-pmda-oracle pkg:rpm/almalinux/pcp-pmda-pdns pkg:rpm/almalinux/pcp-pmda-perfevent pkg:rpm/almalinux/pcp-pmda-podman pkg:rpm/almalinux/pcp-pmda-postfix pkg:rpm/almalinux/pcp-pmda-postgresql pkg:rpm/almalinux/pcp-pmda-rabbitmq pkg:rpm/almalinux/pcp-pmda-redis pkg:rpm/almalinux/pcp-pmda-resctrl pkg:rpm/almalinux/pcp-pmda-roomtemp pkg:rpm/almalinux/pcp-pmda-rsyslog pkg:rpm/almalinux/pcp-pmda-samba pkg:rpm/almalinux/pcp-pmda-sendmail pkg:rpm/almalinux/pcp-pmda-shping pkg:rpm/almalinux/pcp-pmda-slurm pkg:rpm/almalinux/pcp-pmda-smart pkg:rpm/almalinux/pcp-pmda-snmp pkg:rpm/almalinux/pcp-pmda-sockets pkg:rpm/almalinux/pcp-pmda-statsd pkg:rpm/almalinux/pcp-pmda-summary pkg:rpm/almalinux/pcp-pmda-systemd pkg:rpm/almalinux/pcp-pmda-trace pkg:rpm/almalinux/pcp-pmda-unbound pkg:rpm/almalinux/pcp-pmda-weblog pkg:rpm/almalinux/pcp-pmda-zimbra pkg:rpm/almalinux/pcp-pmda-zswap pkg:rpm/almalinux/pcp-selinux pkg:rpm/almalinux/pcp-system-tools pkg:rpm/almalinux/pcp-testsuite pkg:rpm/almalinux/pcp-zeroconf pkg:rpm/almalinux/perl-PCP-LogImport pkg:rpm/almalinux/perl-PCP-LogSummary pkg:rpm/almalinux/perl-PCP-MMV pkg:rpm/almalinux/perl-PCP-PMDA pkg:rpm/almalinux/python3-pcp pkg:rpm/opensuse/pcp&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/pcp&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Micro%206.1
< 6.2.0-1.el9+ 114 more
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-1.el9
- (no CPE)range: < 6.2.0-150500.8.6.1
- (no CPE)range: < 6.2.0-150600.3.6.1
- (no CPE)range: < 6.2.0-150400.5.12.3
- (no CPE)range: < 6.2.0-150400.5.12.3
- (no CPE)range: < 6.2.0-150500.8.6.1
- (no CPE)range: < 6.2.0-150600.3.6.1
- (no CPE)range: < 6.2.0-150400.5.12.3
- (no CPE)range: < 6.2.0-150400.5.12.3
- (no CPE)range: < 6.2.0-6.29.2
- (no CPE)range: < 6.2.0-1.1
- (no CPE)range: < 6.2.0-slfo.1.1_3.1

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

access.redhat.com/errata/RHSA-2024:2213mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2023-6917mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000