CVE-2023-6546

Description

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

References

https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527

https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3

https://bugzilla.redhat.com/show_bug.cgi?id=2255498

https://access.redhat.com/security/cve/CVE-2023-6546

https://access.redhat.com/errata/RHSA-2024:2697

https://access.redhat.com/errata/RHSA-2024:2621

https://access.redhat.com/errata/RHSA-2024:2394

https://access.redhat.com/errata/RHSA-2024:2093

https://access.redhat.com/errata/RHSA-2024:1614

https://access.redhat.com/errata/RHSA-2024:1612

https://access.redhat.com/errata/RHSA-2024:1607

https://access.redhat.com/errata/RHSA-2024:1306

https://access.redhat.com/errata/RHSA-2024:1253

https://access.redhat.com/errata/RHSA-2024:1250

https://access.redhat.com/errata/RHSA-2024:1055

https://access.redhat.com/errata/RHSA-2024:1019

https://access.redhat.com/errata/RHSA-2024:1018

https://access.redhat.com/errata/RHSA-2024:0937

https://access.redhat.com/errata/RHSA-2024:0930

http://www.openwall.com/lists/oss-security/2024/04/17/1

http://www.openwall.com/lists/oss-security/2024/04/16/2

http://www.openwall.com/lists/oss-security/2024/04/12/2

http://www.openwall.com/lists/oss-security/2024/04/12/1

http://www.openwall.com/lists/oss-security/2024/04/11/9

http://www.openwall.com/lists/oss-security/2024/04/11/7

http://www.openwall.com/lists/oss-security/2024/04/10/21

http://www.openwall.com/lists/oss-security/2024/04/10/18

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3