Home > Vulnerability Database > CVE-2023-2006

Mend.io Vulnerability Database

CVE-2023-2006

Good to know:

Date: April 24, 2023

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

Language: C

Severity Score

7.0

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2006

Url: https://security.netapp.com/advisory/ntap-20230609-0004/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2023-2006

Url: https://www.zerodayinitiative.com/advisories/ZDI-23-439/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2189112

Url: https://github.com/torvalds/linux/commit/3bcd6c7eaa53

Url: https://www.mend.io/vulnerability-database/CVE-2023-2006

Severity Score

7.0

Weakness Type (CWE)

Race Conditions

CWE-362

Top Fix

Upgrade Version

Upgrade to version v5.10.157,v5.15.81,v6.0.11

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2006

Good to know:

Date: April 24, 2023

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?