Login Sign Up

CVE-2023-28144

7.0 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges through race conditions in KDAB Hotspot's performance privilege elevation script. It affects users running Hotspot 1.3.x through 1.4.1 in non-default configurations where symlink manipulation can be exploited. The vulnerability requires local access and specific configuration settings to be vulnerable.

💻 Affected Systems

Products:
  • KDAB Hotspot
Versions: 1.3.x through 1.4.1
Operating Systems: Linux
Default Config Vulnerable: ✅ No
Notes: Only vulnerable in non-default configurations where symlink manipulation is possible during privilege elevation.

📦 What is this software?

Hotspot by Kdab

View all CVEs affecting Hotspot →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains root privileges on the system, enabling complete system compromise, data theft, and persistence establishment.

🟠

Likely Case

Local user with limited privileges escalates to root to bypass security controls and access restricted resources.

🟢

If Mitigated

Attack fails due to default configuration or proper file permission controls preventing symlink manipulation.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and race condition timing to manipulate symlinks during chown operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.2 and later

Vendor Advisory: https://github.com/KDAB/hotspot/releases

Restart Required: No

Instructions:

1. Update to Hotspot version 1.4.2 or later. 2. Download from GitHub releases. 3. Replace existing installation with patched version.

🔧 Temporary Workarounds

Disable non-default privilege elevation

linux

Run Hotspot with default configuration that doesn't use elevate_perf_privileges.sh

Ensure Hotspot runs without performance privilege elevation features

Restrict symlink creation

linux

Implement filesystem policies to prevent symlink manipulation in Hotspot directories

chmod 700 /path/to/hotspot/directories
setfacl -m u:hotspotuser:rwx /path/to/hotspot

🧯 If You Can't Patch

  • Run Hotspot only with default configuration settings
  • Implement strict file permission controls on Hotspot directories and scripts

🔍 How to Verify

Check if Vulnerable:

Check Hotspot version: if version is between 1.3.0 and 1.4.1 inclusive, and non-default privilege elevation is configured, system is vulnerable.

Check Version:

hotspot --version

Verify Fix Applied:

Verify Hotspot version is 1.4.2 or later using version check command.

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid chown operations on symlinks
  • Unusual privilege escalation attempts from Hotspot processes
  • Symlink creation in Hotspot directories

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

process.name:hotspot AND (event.action:chown OR file.path:*symlink*)

📊 Metadata

CVE ID: CVE-2023-28144
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-362
Published: March 14, 2023
Last Updated: February 27, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-28144, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)