A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7 | High | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 6 | Red Hat | < 03ed236480aeec8c2fd327a1ea6d711364c495e3 |
| Red Hat Enterprise Linux 7 | Red Hat | < c32fafe68298bb599e825c298e1d0ba30186f0a5 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | < 1.5.7 |
| Red Hat Enterprise Linux 7 | Red Hat | < 97df85871a5b187609d30fca6d85b912d9e02f29 |
| Red Hat Enterprise Linux 9 | Red Hat | 5.16 |
| RHOL-5.7-RHEL-8 | Red Hat | n/a |