{
  "threat_severity" : "Important",
  "public_date" : "2023-12-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: GSM multiplexing race condition leads to privilege escalation",
    "id" : "2255498",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2255498"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-366",
  "details" : [ "A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.", "A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system." ],
  "statement" : "This vulnerability is serious because it can be exploited to escalate privileges, directly threatening system security. Although exploitation requires local access and has a high attack complexity (the attacker has to win a race condition), the potential to severely impact confidentiality, integrity, and availability justifies its \"Important\" rating.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-04-02T00:00:00Z",
    "advisory" : "RHSA-2024:1614",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-513.24.1.rt7.326.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-04-02T00:00:00Z",
    "advisory" : "RHSA-2024:1607",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.24.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-04-02T00:00:00Z",
    "advisory" : "RHSA-2024:1612",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2024-07-16T00:00:00Z",
    "advisory" : "RHSA-2024:4577",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.136.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2024-07-23T00:00:00Z",
    "advisory" : "RHSA-2024:4731",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.134.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-07-23T00:00:00Z",
    "advisory" : "RHSA-2024:4729",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.4::nfv",
    "package" : "kernel-rt-0:4.18.0-305.134.1.rt7.210.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-07-23T00:00:00Z",
    "advisory" : "RHSA-2024:4731",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.4",
    "package" : "kernel-0:4.18.0-305.134.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2024-07-23T00:00:00Z",
    "advisory" : "RHSA-2024:4731",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.4",
    "package" : "kernel-0:4.18.0-305.134.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2024-08-01T00:00:00Z",
    "advisory" : "RHSA-2024:4970",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.4",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-02-21T00:00:00Z",
    "advisory" : "RHSA-2024:0930",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.6",
    "package" : "kernel-0:4.18.0-372.93.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-02-22T00:00:00Z",
    "advisory" : "RHSA-2024:0937",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.6",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2621",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.8",
    "package" : "kernel-0:4.18.0-477.55.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-05-06T00:00:00Z",
    "advisory" : "RHSA-2024:2697",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.8",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2024-03-12T00:00:00Z",
    "advisory" : "RHSA-2024:1250",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "kernel-0:5.14.0-70.93.2.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2024-03-13T00:00:00Z",
    "advisory" : "RHSA-2024:1306",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.93.1.rt21.165.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2024-03-12T00:00:00Z",
    "advisory" : "RHSA-2024:1253",
    "cpe" : "cpe:/o:redhat:rhel_eus:9.0",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-02-28T00:00:00Z",
    "advisory" : "RHSA-2024:1018",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "kernel-0:5.14.0-284.55.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-02-28T00:00:00Z",
    "advisory" : "RHSA-2024:1019",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.55.1.rt14.340.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-02-29T00:00:00Z",
    "advisory" : "RHSA-2024:1055",
    "cpe" : "cpe:/o:redhat:rhel_eus:9.2",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2024-02-21T00:00:00Z",
    "advisory" : "RHSA-2024:0930",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.93.1.el8_6"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/cluster-logging-operator-bundle:v5.7.13-16"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/cluster-logging-rhel8-operator:v5.7.13-7"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/elasticsearch6-rhel8:v6.8.1-408"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/elasticsearch-operator-bundle:v5.7.13-19"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-480"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/elasticsearch-rhel8-operator:v5.7.13-9"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/eventrouter-rhel8:v0.4.0-248"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/fluentd-rhel8:v1.14.6-215"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/kibana6-rhel8:v6.8.1-431"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-228"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/logging-curator5-rhel8:v5.8.1-471"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/logging-loki-rhel8:v2.9.6-15"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/logging-view-plugin-rhel8:v5.7.13-3"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/loki-operator-bundle:v5.7.13-27"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/loki-rhel8-operator:v5.7.13-12"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/lokistack-gateway-rhel8:v0.1.0-527"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/opa-openshift-rhel8:v0.1.0-225"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2024-05-01T00:00:00Z",
    "advisory" : "RHSA-2024:2093",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/vector-rhel8:v0.28.1-57"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-6546\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6546\nhttps://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3\nhttps://www.zerodayinitiative.com/advisories/ZDI-CAN-20527" ],
  "name" : "CVE-2023-6546",
  "mitigation" : {
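    "value" : "This flaw can be mitigated by preventing the affected `n_gsm` kernel module from being loaded. Blocking the module disables the GSM 0710 tty multiplexor, so first confirm that nothing on the system depends on it; if the module is already loaded, it must also be unloaded (or the system rebooted) before the mitigation takes effect. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.",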
    "lang" : "en:us"
  },
  "csaw" : false
}