CVE-2023-6546
Kernel: gsm multiplexing race condition leads to privilege escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Se encontró una condición de ejecución en el multiplexor tty GSM 0710 en el kernel de Linux. Este problema ocurre cuando dos subprocesos ejecutan GSMIOC_SETCONF ioctl en el mismo descriptor de archivo tty con la disciplina de línea gsm habilitada y puede provocar un problema de use after free en una estructura gsm_dlci al reiniciar gsm mux. Esto podría permitir que un usuario local sin privilegios aumente sus privilegios en el sistema.
This vulnerability allows local attackers to execute arbitrary code on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the n_gsm driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-06 CVE Reserved
- 2023-12-21 CVE Published
- 2024-05-08 EPSS Updated
- 2024-09-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-416: Use After Free
CAPEC
References (31)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2255498 | 2024-07-23 | |
https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3 | 2024-07-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.5 Search vendor "Linux" for product "Linux Kernel" and version " < 6.5" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc1 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc2 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc3 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc4 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc5 |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5 Search vendor "Linux" for product "Linux Kernel" and version "6.5" | rc6 |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
|