CVE-2023-6546

moderate-risk

Published 2023-12-21

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

Do I need to act?

0.33% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (10)

Linux Kernel

Fedora

Enterprise Linux

Affected Vendors

Redhat Linux Fedoraproject

References (53)

https://access.redhat.com/errata/RHSA-2024:0930

https://access.redhat.com/errata/RHSA-2024:0937

https://access.redhat.com/errata/RHSA-2024:1018

https://access.redhat.com/errata/RHSA-2024:1019

https://access.redhat.com/errata/RHSA-2024:1055

https://access.redhat.com/errata/RHSA-2024:1250

https://access.redhat.com/errata/RHSA-2024:1253

https://access.redhat.com/errata/RHSA-2024:1306

https://access.redhat.com/errata/RHSA-2024:1607

https://access.redhat.com/errata/RHSA-2024:1612

https://access.redhat.com/errata/RHSA-2024:1614

https://access.redhat.com/errata/RHSA-2024:2093

https://access.redhat.com/errata/RHSA-2024:2394

https://access.redhat.com/errata/RHSA-2024:2621

https://access.redhat.com/errata/RHSA-2024:2697

https://access.redhat.com/errata/RHSA-2024:4577

https://access.redhat.com/errata/RHSA-2024:4729

https://access.redhat.com/errata/RHSA-2024:4731

https://access.redhat.com/errata/RHSA-2024:4970

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-6546

and 33 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate