CVE-2023-6546: Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability
First published: Thu Dec 21 2023(Updated: )
A race condition was found in the GSM 0710 tty multiplexor (drivers/tty/n_gsm.c) in the Linux kernel. The flaw occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled and leads to a use-after-free on a struct gsm_dlci while restarting the gsm mux. A local unprivileged user could use this vulnerability to escalate their privileges on the system. ZDI Security Advisory: <a href="https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527">https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527</a> Upstream fix: <a href="https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3">https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <6.5 | |
| Linux Linux kernel | =6.5-rc1 | |
| Linux Linux kernel | =6.5-rc2 | |
| Linux Linux kernel | =6.5-rc3 | |
| Linux Linux kernel | =6.5-rc4 | |
| Linux Linux kernel | =6.5-rc5 | |
| Linux Linux kernel | =6.5-rc6 | |
| Fedoraproject Fedora | =39 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| redhat/kernel | <6.5 | 6.5 |
| Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527/
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
- https://access.redhat.com/errata/RHSA-2024:1018
- https://access.redhat.com/errata/RHSA-2024:1019
- https://access.redhat.com/errata/RHSA-2024:1055
- https://access.redhat.com/errata/RHSA-2024:1250
- https://access.redhat.com/errata/RHSA-2024:1253
- https://access.redhat.com/errata/RHSA-2024:1306
- https://access.redhat.com/security/cve/CVE-2023-6546
- https://bugzilla.redhat.com/show_bug.cgi?id=2255498
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527
- https://access.redhat.com/errata/RHSA-2024:1607
- https://access.redhat.com/errata/RHSA-2024:1612
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255517
- https://access.redhat.com/errata/RHSA-2024:1614
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/title
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-24-020
- alias/ZDI-CAN-20527
- alias/CVE-2023-6546
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/event
- agent/description
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/tags
- agent/last-modified-date
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- vendor/linux
- canonical/linux kernel
- canonical/linux linux kernel
- version/linux linux kernel/6.5-rc1
- version/linux linux kernel/6.5-rc2
- version/linux linux kernel/6.5-rc3
- version/linux linux kernel/6.5-rc4
- version/linux linux kernel/6.5-rc5
- version/linux linux kernel/6.5-rc6
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/39
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- package-manager/redhat