CVE-2023-6546

Kernel: gsm multiplexing race condition leads to privilege escalation

Description

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

Remediation

Workaround:

This flaw can be mitigated by preventing the affected `n_gsm` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.

Categories

7.0

CVSS

Severity: High

CVSS 3.1 •

EPSS 0.24%

Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com

Affected: Red Hat Red Hat Enterprise Linux 8

Affected: Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected: Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 9

Affected: Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support

Affected: Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Affected: Red Hat RHOL-5.7-RHEL-8

Affected: Red Hat Red Hat Enterprise Linux 6

Affected: Red Hat Red Hat Enterprise Linux 7

Affected: Red Hat Red Hat Enterprise Linux 9

References

Link	Tags
https://access.redhat.com/errata/RHSA-2024:0930	vendor advisory
https://access.redhat.com/errata/RHSA-2024:0937	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1018	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1019	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1055	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1250	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1253	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1306	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1607	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1612	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1614	vendor advisory
https://access.redhat.com/errata/RHSA-2024:2093	vendor advisory
https://access.redhat.com/errata/RHSA-2024:2394	vendor advisory
https://access.redhat.com/errata/RHSA-2024:2621	vendor advisory
https://access.redhat.com/errata/RHSA-2024:2697	vendor advisory
https://access.redhat.com/errata/RHSA-2024:4577	vendor advisory
https://access.redhat.com/errata/RHSA-2024:4729	vendor advisory
https://access.redhat.com/errata/RHSA-2024:4731	vendor advisory
https://access.redhat.com/errata/RHSA-2024:4970	vendor advisory
https://access.redhat.com/security/cve/CVE-2023-6546	third party advisory vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2255498	patch third party advisory issue tracking
https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3	patch
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527
http://www.openwall.com/lists/oss-security/2024/04/10/18
http://www.openwall.com/lists/oss-security/2024/04/10/21
http://www.openwall.com/lists/oss-security/2024/04/11/7
http://www.openwall.com/lists/oss-security/2024/04/11/9
http://www.openwall.com/lists/oss-security/2024/04/12/1
http://www.openwall.com/lists/oss-security/2024/04/12/2
http://www.openwall.com/lists/oss-security/2024/04/16/2
http://www.openwall.com/lists/oss-security/2024/04/17/1

Frequently Asked Questions

What is the severity of CVE-2023-6546?: CVE-2023-6546 has been scored as a high severity vulnerability.
How to fix CVE-2023-6546?: As a workaround for remediating CVE-2023-6546: This flaw can be mitigated by preventing the affected `n_gsm` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.
Is CVE-2023-6546 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-6546 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-6546?: CVE-2023-6546 affects Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat RHOL-5.7-RHEL-8, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 9.

Description

Remediation

Categories

CWE-416 – Use After Free

CWE-362 – Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

References

Frequently Asked Questions