CVE-2023-6546

Kernel: gsm multiplexing race condition leads to privilege escalation

Published: 12/21/2023 Last updated: 11/6/2025 Reserved: 12/6/2023

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7	High	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (83)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	15.6(1)S4
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 8.6 Extended Update Support	Red Hat	QCA6584AU
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	11.1.14.7
Red Hat Enterprise Linux 8.2 Advanced Update Support	Red Hat	QCA6574A
Red Hat Enterprise Linux 9.0 Extended Update Support	Red Hat	15.6(2)S
Red Hat Enterprise Linux 9	Red Hat	3.10.0cE
Red Hat Enterprise Linux 9	Red Hat	15.6(1)S
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Red Hat	12.2(33)MRB4
Red Hat Enterprise Linux 8.8 Extended Update Support	Red Hat	3.10.1E
Red Hat Enterprise Linux 8.6 Extended Update Support	Red Hat	V500R005C00
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Red Hat	8.5
Red Hat Enterprise Linux 9	Red Hat	QCA6595
Red Hat Enterprise Linux 9	Red Hat	12.2(33)MRB6
Red Hat Enterprise Linux 9.0 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	15.2(2)S1
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Red Hat	V500R002C20
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	15.2(1)S
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Red Hat	12.2(33)MRB
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Red Hat	QCA6574AU
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Red Hat	V2.3.1
Red Hat Enterprise Linux 8.2 Advanced Update Support	Red Hat	15.0(2)SQD7
Red Hat Enterprise Linux 8	Red Hat	12.2(33)MRB1
Red Hat Enterprise Linux 7	Red Hat	16.12.1
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	QCA8081
Red Hat Enterprise Linux 9	Red Hat	15.2(2)S2
Red Hat Enterprise Linux 8	Red Hat	16.10.3
Red Hat Enterprise Linux 9.0 Extended Update Support	Red Hat	QCA6595AU
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Red Hat	n/a
Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Red Hat	3.10.0E
Red Hat Enterprise Linux 9	Red Hat	15.6(2)S4
Red Hat Enterprise Linux 7	Red Hat	< 1.3.8
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	15.6(2)S1
Red Hat Enterprise Linux 9.0 Extended Update Support	Red Hat	V500R001C30
Red Hat Enterprise Linux 8	Red Hat	QCA6574
Red Hat Enterprise Linux 8.8 Extended Update Support	Red Hat	9.0
Red Hat Enterprise Linux 8	Red Hat	V1.8 and earlier
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Red Hat	V2.0
Red Hat Enterprise Linux 8.6 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 8.8 Extended Update Support	Red Hat	12.2(33)MRB3
Red Hat Enterprise Linux 9.0 Extended Update Support	Red Hat	V2.3.0
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	QCA6678AQ
Red Hat Enterprise Linux 8	Red Hat	8.0
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Red Hat	15.0(2)SQD8
Red Hat Enterprise Linux 8.6 Extended Update Support	Red Hat	n/a
Red Hat Enterprise Linux 9.0 Extended Update Support	Red Hat	3.10.2E
Red Hat Enterprise Linux 9.2 Extended Update Support	Red Hat	V500R001C60
RHOL-5.7-RHEL-8	Red Hat	3.10.3E
RHOL-5.7-RHEL-8	Red Hat	n/a
RHOL-5.7-RHEL-8	Red Hat	n/a
RHOL-5.7-RHEL-8	Red Hat	15.6(1)S1
RHOL-5.7-RHEL-8	Red Hat	15.2(2)S
RHOL-5.7-RHEL-8	Red Hat	V500R005C00
RHOL-5.7-RHEL-8	Red Hat	QCA6696
RHOL-5.7-RHEL-8	Red Hat	V2.4
RHOL-5.7-RHEL-8	Red Hat	16.11.1
RHOL-5.7-RHEL-8	Red Hat	15.6(1)S2
RHOL-5.7-RHEL-8	Red Hat	n/a
RHOL-5.7-RHEL-8	Red Hat	15.2(1)S1
RHOL-5.7-RHEL-8	Red Hat	16.11.1a
RHOL-5.7-RHEL-8	Red Hat	V2.5
RHOL-5.7-RHEL-8	Red Hat	15.6(2)S2
RHOL-5.7-RHEL-8	Red Hat	QCA6698AQ
RHOL-5.7-RHEL-8	Red Hat	V500R001C30
RHOL-5.7-RHEL-8	Red Hat	15.2(4)S
RHOL-5.7-RHEL-8	Red Hat	16.11.1b
RHOL-5.7-RHEL-8	Red Hat	15.6(1)S3
RHOL-5.7-RHEL-8	Red Hat	n/a
RHOL-5.7-RHEL-8	Red Hat	V500R001C60
RHOL-5.7-RHEL-8	Red Hat	V2.6
RHOL-5.7-RHEL-8	Red Hat	QCA8072
RHOL-5.7-RHEL-8	Red Hat	16.11.2
RHOL-5.7-RHEL-8	Red Hat	<= 3.6.7
RHOL-5.7-RHEL-8	Red Hat	n/a
RHOL-5.7-RHEL-8	Red Hat	15.6(2)S3
RHOL-5.7-RHEL-8	Red Hat	15.2(1)S2
RHOL-5.7-RHEL-8	Red Hat	and V2.7
RHOL-5.7-RHEL-8	Red Hat	V500R005C00
RHOL-5.7-RHEL-8	Red Hat	16.11.1s
RHOL-5.7-RHEL-8	Red Hat	QCA8075
RHOL-5.7-RHEL-8	Red Hat	Versions which Build time before August 18 2019
RHOL-5.7-RHEL-8	Red Hat	< 2.0.0

CVE-2023-6546

Kernel: gsm multiplexing race condition leads to privilege escalation

Metrics

Opam packages affected (27)

Products affected (83)

References (106)