CVE: CVE-2023-6546

Descrizione: A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

Vettore di attacco CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Riferimenti esterni

• https://access.redhat.com/errata/RHSA-2024:0930
• https://access.redhat.com/errata/RHSA-2024:0937
• https://access.redhat.com/errata/RHSA-2024:1018
• https://access.redhat.com/errata/RHSA-2024:1019
• https://access.redhat.com/errata/RHSA-2024:1055
• https://access.redhat.com/errata/RHSA-2024:1250
• https://access.redhat.com/errata/RHSA-2024:1253
• https://access.redhat.com/errata/RHSA-2024:1306
• https://access.redhat.com/errata/RHSA-2024:1607
• https://access.redhat.com/errata/RHSA-2024:1612
• https://access.redhat.com/errata/RHSA-2024:1614
• https://access.redhat.com/errata/RHSA-2024:2093
• https://access.redhat.com/errata/RHSA-2024:2394
• https://access.redhat.com/errata/RHSA-2024:2621
• https://access.redhat.com/errata/RHSA-2024:2697
• https://access.redhat.com/errata/RHSA-2024:4577
• https://access.redhat.com/errata/RHSA-2024:4729
• https://access.redhat.com/errata/RHSA-2024:4731
• https://access.redhat.com/errata/RHSA-2024:4970
• https://access.redhat.com/security/cve/CVE-2023-6546
• https://bugzilla.redhat.com/show_bug.cgi?id=2255498
• https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
• https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527

Prodotti interessati

• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8.2 Advanced Update Support
• Red Hat – Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
• Red Hat – Red Hat Enterprise Linux 8.4 Telecommunications Update Service
• Red Hat – Red Hat Enterprise Linux 8.4 Telecommunications Update Service
• Red Hat – Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.6 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.6 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9.0 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.0 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.0 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – RHOL-5.7-RHEL-8
• Red Hat – Red Hat Enterprise Linux 6
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 9

Relazioni con altri prodotti

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 7
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 6
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.6 Extended Update Support
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.8 Extended Update Support
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.2 Extended Update Support
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.2 Advanced Update Support
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.0 Extended Update Support
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Produttore:Red Hat
Prodotto: RHOL-5.7-RHEL-8
Anno: 2023
CWE: CWE-416
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2023)