CVE-2023-6546
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-6546
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6546.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-6546
- Related
- Published
- 2023-12-21T20:15:08Z
- Modified
- 2024-09-18T03:24:43.743836Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
- References
-
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
- https://access.redhat.com/errata/RHSA-2024:1018
- https://access.redhat.com/errata/RHSA-2024:1019
- https://access.redhat.com/errata/RHSA-2024:1055
- https://access.redhat.com/errata/RHSA-2024:1250
- https://access.redhat.com/errata/RHSA-2024:1253
- https://access.redhat.com/errata/RHSA-2024:1306
- https://access.redhat.com/errata/RHSA-2024:1607
- https://access.redhat.com/errata/RHSA-2024:1612
- https://access.redhat.com/errata/RHSA-2024:1614
- https://access.redhat.com/errata/RHSA-2024:2093
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2621
- https://access.redhat.com/errata/RHSA-2024:2697
- https://access.redhat.com/errata/RHSA-2024:4577
- https://access.redhat.com/errata/RHSA-2024:4729
- https://access.redhat.com/errata/RHSA-2024:4731
- https://access.redhat.com/errata/RHSA-2024:4970
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527
- https://bugzilla.redhat.com/show_bug.cgi?id=2255498
- https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
- https://access.redhat.com/security/cve/CVE-2023-6546
- https://security-tracker.debian.org/tracker/CVE-2023-6546
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.197-1
Affected versions
5.*
5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5
5.10.191-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.52-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.4.13-1
Affected versions
6.*
6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1