Linux Kernel gsm tty multiplexer race leads to local privilege escalation
CVE-2023-6546 Published on December 21, 2023

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-6546 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2023-6546 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2023-6546

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-6546 are published in these products:

Linux Kernel

Fedora Project Fedora

Red Hat Enterprise Linux (RHEL)

Red Hat Rhel Aus

Red Hat Rhel Tus

Red Hat Rhel E4s

Red Hat Rhev Hypervisor

Red Hat Rhel Eus

Red Hat Logging

Linux Kernel

Affected Versions

Red Hat Enterprise Linux 8:

Version 0:4.18.0-513.24.1.rt7.326.el8_9 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:4.18.0-513.24.1.el8_9 and below * is unaffected.

Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8.2 Advanced Update Support:

Version 0:4.18.0-193.136.1.el8_2 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support:

Version 0:4.18.0-305.134.1.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Telecommunications Update Service:

Version 0:4.18.0-305.134.1.rt7.210.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Telecommunications Update Service:

Version 0:4.18.0-305.134.1.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions:

Version 0:4.18.0-305.134.1.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions: Red Hat Enterprise Linux 8.6 Extended Update Support:

Version 0:4.18.0-372.93.1.el8_6 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Extended Update Support: Red Hat Enterprise Linux 8.8 Extended Update Support:

Version 0:4.18.0-477.55.1.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Extended Update Support: Red Hat Enterprise Linux 9:

Version 0:5.14.0-427.13.1.el9_4 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:5.14.0-427.13.1.el9_4 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Extended Update Support:

Version 0:5.14.0-70.93.2.el9_0 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Extended Update Support:

Version 0:5.14.0-70.93.1.rt21.165.el9_0 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Extended Update Support: Red Hat Enterprise Linux 9.2 Extended Update Support:

Version 0:5.14.0-284.55.1.el9_2 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Extended Update Support:

Version 0:5.14.0-284.55.1.rt14.340.el9_2 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Extended Update Support: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8:

Version 0:4.18.0-372.93.1.el8_6 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v5.7.13-16 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v5.7.13-7 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v6.8.1-408 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v5.7.13-19 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v1.0.0-480 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v5.7.13-9 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v0.4.0-248 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v1.14.6-215 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v6.8.1-431 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v1.1.0-228 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v5.8.1-471 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v2.9.6-15 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v5.7.13-3 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v5.7.13-27 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v5.7.13-12 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v0.1.0-527 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v0.1.0-225 and below * is unaffected.

Red Hat RHOL-5.7-RHEL-8:

Version v0.28.1-57 and below * is unaffected.

Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 9:

Exploit Probability

EPSS

0.34%

Percentile

55.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Linux Kernel gsm tty multiplexer race leads to local privilege escalationCVE-2023-6546 Published on December 21, 2023

Vulnerability Analysis

Weakness Type

What is a Dangling pointer Vulnerability?

Products Associated with CVE-2023-6546

Affected Versions

Exploit Probability

Linux Kernel gsm tty multiplexer race leads to local privilege escalation
CVE-2023-6546 Published on December 21, 2023