Vulnerability DatabaseCVE-2023-6546
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-6546
December 21, 2023
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Related Resources (32)
https://bugzilla.redhat.com/show_bug.cgi?id=2255498
https://access.redhat.com/errata/RHSA-2024:2621
http://www.openwall.com/lists/oss-security/2024/04/11/9
https://access.redhat.com/errata/RHSA-2024:1306
https://access.redhat.com/errata/RHSA-2024:1250
https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
http://www.openwall.com/lists/oss-security/2024/04/11/7
http://www.openwall.com/lists/oss-security/2024/04/12/1
https://access.redhat.com/errata/RHSA-2024:4729
http://www.openwall.com/lists/oss-security/2024/04/10/21
https://people.canonical.com/~ubuntu-security/cve/CVE-2023-6546
https://access.redhat.com/errata/RHSA-2024:2394
http://www.openwall.com/lists/oss-security/2024/04/10/18
https://access.redhat.com/errata/RHSA-2024:2697
https://access.redhat.com/errata/RHSA-2024:0937
https://access.redhat.com/errata/RHSA-2024:1019
http://www.openwall.com/lists/oss-security/2024/04/16/2
https://access.redhat.com/errata/RHSA-2024:0930
https://access.redhat.com/errata/RHSA-2024:1612
https://access.redhat.com/security/cve/CVE-2023-6546
https://access.redhat.com/errata/RHSA-2024:1614
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527
https://access.redhat.com/errata/RHSA-2024:4577
http://www.openwall.com/lists/oss-security/2024/04/12/2
https://access.redhat.com/errata/RHSA-2024:1253
https://access.redhat.com/errata/RHSA-2024:1607
https://access.redhat.com/errata/RHSA-2024:1018
http://www.openwall.com/lists/oss-security/2024/04/17/1
https://access.redhat.com/errata/RHSA-2024:2093
https://access.redhat.com/errata/RHSA-2024:4970
https://access.redhat.com/errata/RHSA-2024:1055
https://access.redhat.com/errata/RHSA-2024:4731
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Race Condition within a Thread
CWE-366
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362
EPSS
Base Score:
0.32