CVE-2023-2006

High

Description

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

References

https://www.zerodayinitiative.com/advisories/ZDI-23-439/

https://security.netapp.com/advisory/ntap-20230609-0004/

https://github.com/torvalds/linux/commit/3bcd6c7eaa53

https://bugzilla.redhat.com/show_bug.cgi?id=2189112

Details

Source: Mitre, NVD

Published: 2023-04-24

Updated: 2023-08-25

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High