CVE-2023-41915 – pmix: race condition allows attackers to obtain ownership of arbitrary files

https://notcve.org/view.php?id=CVE-2023-41915

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. OpenPMIx PMIx antes de las versiones 4.2.6 y 5.0.x antes de 5.0.1, permite a los atacantes obtener la propiedad de archivos arbitrarios a través de una condición de ejecución durante la ejecución de código de librería con UID 0. OpenPMIx PMIx is vulnerable to a race condition during execution of library code with UID 0, which allows attackers to obtain ownership of arbitrary files. • http://www.openwall.com/lists/oss-security/2024/07/10/3 http://www.openwall.com/lists/oss-security/2024/07/10/4 http://www.openwall.com/lists/oss-security/2024/07/10/6 http://www.openwall.com/lists/oss-security/2024/07/11/3 https://docs.openpmix.org/en/latest/security.html https://github.com/openpmix/openpmix/releases/tag/v4.2.6 https://github.com/openpmix/openpmix/releases/tag/v5.0.1 https://lists.debian.org/debian-lts-announce/2023/10/msg00048.h • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •