Home > Vulnerability Database > CVE-2023-2006

Mend.io Vulnerability Database

CVE-2023-2006

Date: April 23, 2023

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

Language: C

Severity Score

7.0

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2006

Url: https://security.netapp.com/advisory/ntap-20230609-0004/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2023-2006

Url: https://www.zerodayinitiative.com/advisories/ZDI-23-439/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2189112

Url: https://github.com/torvalds/linux/commit/3bcd6c7eaa53

Url: https://www.mend.io/vulnerability-database/CVE-2023-2006

Severity Score

7.0

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2006

Date: April 23, 2023

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?