CVE-2023-6546: Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability
First published: Thu Dec 21 2023(Updated: )
A race condition was found in the GSM 0710 tty multiplexor (drivers/tty/n_gsm.c) in the Linux kernel. The flaw occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled and leads to a use-after-free on a struct gsm_dlci while restarting the gsm mux. A local unprivileged user could use this vulnerability to escalate their privileges on the system. ZDI Security Advisory: <a href="https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527">https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527</a> Upstream fix: <a href="https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3">https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.5 | 6.5 |
| Linux kernel | ||
| Linux Kernel | <6.5 | |
| Linux Kernel | =6.5-rc1 | |
| Linux Kernel | =6.5-rc2 | |
| Linux Kernel | =6.5-rc3 | |
| Linux Kernel | =6.5-rc4 | |
| Linux Kernel | =6.5-rc5 | |
| Linux Kernel | =6.5-rc6 | |
| Fedora | =39 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| IBM QRadar Security Information and Event Manager | <=7.5 - 7.5.0 UP8 IF01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/275779
- https://www.ibm.com/support/pages/node/7150684 (Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255517
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
- https://access.redhat.com/errata/RHSA-2024:1019
- https://access.redhat.com/errata/RHSA-2024:1018
- https://access.redhat.com/errata/RHSA-2024:1055
- https://access.redhat.com/errata/RHSA-2024:1250
- https://access.redhat.com/errata/RHSA-2024:1253
- https://access.redhat.com/errata/RHSA-2024:1306
- https://access.redhat.com/errata/RHSA-2024:1612
- https://access.redhat.com/errata/RHSA-2024:1607
- https://access.redhat.com/errata/RHSA-2024:1614
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2621
- https://access.redhat.com/errata/RHSA-2024:2697
- https://access.redhat.com/errata/RHSA-2024:4577
- https://access.redhat.com/errata/RHSA-2024:4729
- https://access.redhat.com/errata/RHSA-2024:4731
- https://access.redhat.com/errata/RHSA-2024:4970
- https://bugzilla.redhat.com/show_bug.cgi?id=2255498
- https://access.redhat.com/errata/RHSA-2024:2093
- https://access.redhat.com/security/cve/CVE-2023-6546
Frequently Asked Questions
What is the severity of CVE-2023-6546?
CVE-2023-6546 has been categorized as a high-severity vulnerability due to its potential to cause a use-after-free condition.
How do I fix CVE-2023-6546?
To remediate CVE-2023-6546, ensure that you upgrade to a patched version of the Linux kernel or the affected software that addresses this flaw.
Which systems are affected by CVE-2023-6546?
CVE-2023-6546 affects several Linux kernel versions up to 6.5, as well as specific versions of IBM QRadar SIEM and Red Hat Enterprise Linux.
What type of vulnerability is CVE-2023-6546?
CVE-2023-6546 is classified as a race condition vulnerability that leads to a use-after-free error in the Linux kernel.
Can CVE-2023-6546 be exploited remotely?
Exploitation of CVE-2023-6546 typically requires local access to the system, as it involves interactions between threads on a tty file descriptor.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/title
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-6546
- agent/software-canonical-lookup
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-24-020
- alias/ZDI-CAN-20527
- agent/software-canonical-lookup-request
- agent/event
- collector/nvd-api
- source/NVD
- agent/tags
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.5-rc1
- version/linux kernel/6.5-rc2
- version/linux kernel/6.5-rc3
- version/linux kernel/6.5-rc4
- version/linux kernel/6.5-rc5
- version/linux kernel/6.5-rc6
- vendor/fedoraproject
- canonical/fedora
- version/fedora/39
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- vendor/ibm
- canonical/ibm qradar security information and event manager
- version/ibm qradar security information and event manager/7.5 - 7.5.0 up8 if01