CVE-2023-6546

Kernel: gsm multiplexing race condition leads to privilege escalation

Published: 12/21/2023 Last updated: 11/15/2024 Reserved: 12/6/2023

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7 | High | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (44)

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 7 | Red Hat | < V4.0.1 |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | Red Hat | 5.15 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | Red Hat | <= 2020.013.20074 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | 2.0.1 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | 24.0 ap383466 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | 12.0.0 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | < 10.0.17763.3887 |
| Red Hat Enterprise Linux 9 | Red Hat | All versions < V4.1.0 |
| Red Hat Enterprise Linux 9 | Red Hat | 4.0.0 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | < 10.0.17763.2366 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | All versions < V1.0.15 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | n/a |
| Red Hat Enterprise Linux 6 | Red Hat | < 1.19.1 |
| Red Hat Enterprise Linux 8 | Red Hat | < 5268bb02107b9eedfdcd51db75b407d10043368c |
| Red Hat Enterprise Linux 9 | Red Hat | 24.0 ap381526 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Red Hat | <= 6.6.* |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | 24.0 ap382976 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | < 1.26.0 |
| Red Hat Enterprise Linux 7 | Red Hat | 7.8.8 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | 24.0 ap382969 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Red Hat | 12.0.1 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | 24.0 ap383327 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | 24.0 ap383463 |
| RHOL-5.7-RHEL-8 | Red Hat | 24.0 ap380802 |
| RHOL-5.7-RHEL-8 | Red Hat | < 1.18.0 |
| RHOL-5.7-RHEL-8 | Red Hat | 24.0 ap383188 |
| RHOL-5.7-RHEL-8 | Red Hat | n/a |
| RHOL-5.7-RHEL-8 | Red Hat | < 10.0.14393.6981 |
| RHOL-5.7-RHEL-8 | Red Hat | < 1.6.1 |
| RHOL-5.7-RHEL-8 | Red Hat | n/a |
| RHOL-5.7-RHEL-8 | Red Hat | < 10.0.10240.19685 |
| RHOL-5.7-RHEL-8 | Red Hat | < 10.0.19041.1415 |
| RHOL-5.7-RHEL-8 | Red Hat | v3.0.0.136_20121102 |
| RHOL-5.7-RHEL-8 | Red Hat | < 1.35.1 |
| RHOL-5.7-RHEL-8 | Red Hat | < 1.38.0 |
| RHOL-5.7-RHEL-8 | Red Hat | < 1.36.0 |
| RHOL-5.7-RHEL-8 | Red Hat | 24.0 ap381341 |
| RHOL-5.7-RHEL-8 | Red Hat | 24.0 ap381498 |
| RHOL-5.7-RHEL-8 | Red Hat | <= 1.7.0 |
| RHOL-5.7-RHEL-8 | Red Hat | 12.2 |
| RHOL-5.7-RHEL-8 | Red Hat | n/a |

References (53)