CVE-2023-3972: 
Linux Red Hat vulnerability analysis and mitigation

A vulnerability (CVE-2023-3972) was discovered in the insights-client package, affecting Red Hat Enterprise Linux systems. The vulnerability was disclosed on November 1, 2023, and stems from insecure file operations and unsafe handling of temporary files and directories. This security issue affects various versions of Red Hat Enterprise Linux 7, 8, and 9 systems running the insights-client package versions prior to 3.2.2 (NVD, Red Hat CVE).

The vulnerability occurs due to insecure handling of temporary files and directories in the insights-client package. Before the insights-client registration by root, an unprivileged local user can create the /var/tmp/insights-client directory with read, write, and execute permissions. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with high impact potential (NVD).

The vulnerability allows an attacker to control directory content that insights uses after root registration, enabling arbitrary code execution as root. This effectively bypasses SELinux protections since insights processes are allowed to disable SELinux system-wide. The high severity rating reflects the potential for complete system compromise through local privilege escalation (Red Hat CVE).

Red Hat has released security updates to address this vulnerability across multiple versions of Red Hat Enterprise Linux. The fix is included in insights-client version 3.2.2 and later. Updates are available through various security advisories including RHSA-2023:6264, RHSA-2023:6282, RHSA-2023:6283, and others. Users are strongly advised to update their systems with the latest security patches (Red Hat Bugzilla).