CVE-2023-6546
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-513.24.1.rt7.326.el8_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-513.24.1.el8_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 0:4.18.0-193.136.1.el8_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:4.18.0-305.134.1.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 0:4.18.0-305.134.1.rt7.210.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 0:4.18.0-305.134.1.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 0:4.18.0-305.134.1.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 0:4.18.0-372.93.1.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 0:4.18.0-477.55.1.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-427.13.1.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-427.13.1.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 0:5.14.0-70.93.2.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 0:5.14.0-70.93.1.rt21.165.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:5.14.0-284.55.1.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:5.14.0-284.55.1.rt14.340.el9_2 < * | unaffected |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:4.18.0-372.93.1.el8_6 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v5.7.13-16 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v5.7.13-7 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v6.8.1-408 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v5.7.13-19 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v1.0.0-480 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v5.7.13-9 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v0.4.0-248 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v1.14.6-215 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v6.8.1-431 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v1.1.0-228 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v5.8.1-471 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v2.9.6-15 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v5.7.13-3 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v5.7.13-27 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v5.7.13-12 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v0.1.0-527 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v0.1.0-225 < * | unaffected |
| Red Hat | RHOL-5.7-RHEL-8 | v0.28.1-57 < * | unaffected |
Weaknesses
- CWE-366: Race Condition within a Thread
Workarounds
This flaw can be mitigated by preventing the affected n_gsm kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2024/04/10/18
- http://www.openwall.com/lists/oss-security/2024/04/10/21
- http://www.openwall.com/lists/oss-security/2024/04/11/7
- http://www.openwall.com/lists/oss-security/2024/04/11/9
- http://www.openwall.com/lists/oss-security/2024/04/12/1
- http://www.openwall.com/lists/oss-security/2024/04/12/2
- http://www.openwall.com/lists/oss-security/2024/04/16/2
- http://www.openwall.com/lists/oss-security/2024/04/17/1
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
- https://access.redhat.com/errata/RHSA-2024:1018
- https://access.redhat.com/errata/RHSA-2024:1019
- https://access.redhat.com/errata/RHSA-2024:1055
- https://access.redhat.com/errata/RHSA-2024:1250
- https://access.redhat.com/errata/RHSA-2024:1253
- https://access.redhat.com/errata/RHSA-2024:1306
- https://access.redhat.com/errata/RHSA-2024:1607
- https://access.redhat.com/errata/RHSA-2024:1612
- https://access.redhat.com/errata/RHSA-2024:1614
- https://access.redhat.com/errata/RHSA-2024:2093
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2621
- https://access.redhat.com/errata/RHSA-2024:2697
- https://access.redhat.com/errata/RHSA-2024:4577
- https://access.redhat.com/errata/RHSA-2024:4729
- https://access.redhat.com/errata/RHSA-2024:4731
- https://access.redhat.com/security/cve/CVE-2023-6546
- https://bugzilla.redhat.com/show_bug.cgi?id=2255498
- https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527
References
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
- https://access.redhat.com/errata/RHSA-2024:1018
- https://access.redhat.com/errata/RHSA-2024:1019
- https://access.redhat.com/errata/RHSA-2024:1055
- https://access.redhat.com/errata/RHSA-2024:1250
- https://access.redhat.com/errata/RHSA-2024:1253
- https://access.redhat.com/errata/RHSA-2024:1306
- https://access.redhat.com/errata/RHSA-2024:1607
- https://access.redhat.com/errata/RHSA-2024:1612
- https://access.redhat.com/errata/RHSA-2024:1614
- https://access.redhat.com/errata/RHSA-2024:2093
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2621
- https://access.redhat.com/errata/RHSA-2024:2697
- https://access.redhat.com/errata/RHSA-2024:4577
- https://access.redhat.com/errata/RHSA-2024:4729
- https://access.redhat.com/errata/RHSA-2024:4731
- https://access.redhat.com/errata/RHSA-2024:4970
- https://access.redhat.com/security/cve/CVE-2023-6546
- https://bugzilla.redhat.com/show_bug.cgi?id=2255498
- https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.