CVE-2023-2006: Linux Kernel RxRPC Race Condition Privilege Escalation Vulnerability
First published: Mon Apr 24 2023(Updated: )
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=5.10<5.10.157 | |
| Linux Linux kernel | >=5.11<5.15.81 | |
| Linux Linux kernel | >=5.16<6.0.11 | |
| Netapp Hci Baseboard Management Controller | =h300s | |
| Netapp Hci Baseboard Management Controller | =h410c | |
| Netapp Hci Baseboard Management Controller | =h410s | |
| Netapp Hci Baseboard Management Controller | =h500s | |
| Netapp Hci Baseboard Management Controller | =h700s | |
| redhat/kernel | <6.1 | 6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2189112
- https://github.com/torvalds/linux/commit/3bcd6c7eaa53
- https://security.netapp.com/advisory/ntap-20230609-0004/
- https://www.zerodayinitiative.com/advisories/ZDI-23-439/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2170099
- https://access.redhat.com/security/cve/cve-2023-2006
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3bcd6c7eaa53
Frequently Asked Questions
What is CVE-2023-2006?
CVE-2023-2006 is a privilege escalation vulnerability in the Linux Kernel.
How severe is CVE-2023-2006?
CVE-2023-2006 has a severity score of 8.8 out of 10.
Who is affected by CVE-2023-2006?
Linux Kernel versions 5.10.0 to 5.10.157, 5.11.0 to 5.15.81, and 5.16.0 to 6.0.11 are affected by CVE-2023-2006.
What is the impact of CVE-2023-2006?
CVE-2023-2006 allows local attackers to escalate privileges on affected installations of Linux Kernel.
How can CVE-2023-2006 be fixed?
Updating to Linux Kernel version 6.1 or applying the necessary security patches from Red Hat resolves CVE-2023-2006.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-2006
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-439
- alias/ZDI-CAN-15975
- agent/tags
- agent/event
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.10
- version/linux linux kernel/5.11
- version/linux linux kernel/5.16
- vendor/netapp
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h300s
- version/netapp hci baseboard management controller/h410c
- version/netapp hci baseboard management controller/h410s
- version/netapp hci baseboard management controller/h500s
- version/netapp hci baseboard management controller/h700s
- package-manager/redhat
- canonical/linux kernel