Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2023-6546: kernel: GSM multiplexing race condition leads to privilege escalation (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Red Hat: CVE-2023-6546: kernel: GSM multiplexing race condition leads to privilege escalation (Multiple Advisories)

Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
12/21/2023
Created
02/23/2024
Added
02/22/2024
Modified
05/10/2024

Description

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

Solution(s)

  • redhat-upgrade-kernel
  • redhat-upgrade-kernel-rt

References

  • CVE-2023-6546
  • RHSA-2024:0930
  • RHSA-2024:0937
  • RHSA-2024:1018
  • RHSA-2024:1019
  • RHSA-2024:1055
  • RHSA-2024:1250
  • RHSA-2024:1253
  • RHSA-2024:1306
  • RHSA-2024:1607
  • RHSA-2024:1612
  • RHSA-2024:1614
  • RHSA-2024:2621
  • RHSA-2024:2697
View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;