CVE-2023-6546

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0930
https://access.redhat.com/errata/RHSA-2024:0937
https://access.redhat.com/errata/RHSA-2024:1018
https://access.redhat.com/errata/RHSA-2024:1019
https://access.redhat.com/errata/RHSA-2024:1055
https://access.redhat.com/errata/RHSA-2024:1250
https://access.redhat.com/errata/RHSA-2024:1253
https://access.redhat.com/errata/RHSA-2024:1306
https://access.redhat.com/errata/RHSA-2024:1607
https://access.redhat.com/errata/RHSA-2024:1612
https://access.redhat.com/errata/RHSA-2024:1614
https://access.redhat.com/security/cve/CVE-2023-6546	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2255498	Issue Tracking Patch Third Party Advisory
https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3	Patch
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc6::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

03 Apr 2024, 00:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1614 -

02 Apr 2024, 19:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1607 - () https://access.redhat.com/errata/RHSA-2024:1612 -

13 Mar 2024, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1306 -

12 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1055 - () https://access.redhat.com/errata/RHSA-2024:1250 - () https://access.redhat.com/errata/RHSA-2024:1253 -

28 Feb 2024, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1018 - () https://access.redhat.com/errata/RHSA-2024:1019 -

22 Feb 2024, 09:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0937 -

21 Feb 2024, 04:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0930 -

10 Jan 2024, 09:15

Type	Values Removed	Values Added
References		() https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527 -

03 Jan 2024, 15:20

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2023-6546 -~~	() https://access.redhat.com/security/cve/CVE-2023-6546 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2255498 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2255498 - Issue Tracking, Patch, Third Party Advisory
References	~~() https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3 -~~	() https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3 - Patch
First Time		Redhat enterprise Linux Linux linux Kernel Fedoraproject Redhat Linux Fedoraproject fedora
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 7.0
CPE		cpe:2.3:o:linux:linux_kernel:6.5:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.5:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.5:rc4:::::: cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:linux:linux_kernel:6.5:rc2:::::: cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:linux:linux_kernel:6.5:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.5:rc3:::::: cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-362

22 Dec 2023, 12:18

Type	Values Removed	Values Added
Summary		(es) Se encontró una condición de ejecución en el multiplexor tty GSM 0710 en el kernel de Linux. Este problema ocurre cuando dos subprocesos ejecutan GSMIOC_SETCONF ioctl en el mismo descriptor de archivo tty con la disciplina de línea gsm habilitada y puede provocar un problema de use after free en una estructura gsm_dlci al reiniciar gsm mux. Esto podría permitir que un usuario local sin privilegios aumente sus privilegios en el sistema.

21 Dec 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-21 20:15

Updated : 2024-04-03 00:15

NVD link : CVE-2023-6546

Mitre link : CVE-2023-6546

CVE.ORG link : CVE-2023-6546

JSON object : View

Products Affected

linux

linux_kernel

fedoraproject

fedora

redhat

enterprise_linux

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free

7.0 /10