CVE-2023-29145: 
Homebrew vulnerability analysis and mitigation

The Malwarebytes EDR 1.0.11 for Linux driver contains a security vulnerability related to improper whitelisting of executable libraries. This vulnerability was assigned CVE-2023-29145 and affects Malwarebytes EDR versions up to 1.0.11 and Malwarebytes for Linux versions up to 1.0.14 (Malwarebytes Advisory).

The vulnerability stems from the EDR driver's failure to properly validate and ensure whitelisting of executable libraries that are loaded by executable files. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (NVD). The vulnerability is classified under CWE-114: Process Control (Malwarebytes Advisory).

The vulnerability allows attackers to execute arbitrary code on affected systems. This can be achieved through multiple attack vectors, including manipulation of LDLIBRARYPATH, setting LD_PRELOAD, or running an executable file in a debugger (CVE).

Malwarebytes has released patched versions to address this vulnerability. The issue is fixed in EDR for Linux version 1.0.56. Users are strongly recommended to upgrade affected endpoints to the patched versions (Malwarebytes Advisory).