Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-6546
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Kernel: gsm multiplexing race condition leads to privilege escalation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
单线程内的竞争条件
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于GSM 多路复用竞争条件导致权限升级,当两个线程在启用 gsm 行规则的情况下在同一个 tty 文件描述符上执行 GSMIOC_SETCONF ioctl 时,会出现此问题,并且可能会导致在重新启动 gsm mux 时在 struct gsm_dlci 上出现释放后重用问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Red HatRed Hat Enterprise Linux 8 0:4.18.0-513.24.1.rt7.326.el8_9 ~ * cpe:/a:redhat:enterprise_linux:8::realtime
Red HatRed Hat Enterprise Linux 8 0:4.18.0-513.24.1.el8_9 ~ * cpe:/o:redhat:enterprise_linux:8::baseos
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8::baseos
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support 0:4.18.0-193.136.1.el8_2 ~ * cpe:/o:redhat:rhel_aus:8.2::baseos
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:4.18.0-305.134.1.el8_4 ~ * cpe:/o:redhat:rhel_aus:8.4::baseos
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service 0:4.18.0-305.134.1.rt7.210.el8_4 ~ * cpe:/a:redhat:rhel_tus:8.4::nfv
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service 0:4.18.0-305.134.1.el8_4 ~ * cpe:/o:redhat:rhel_aus:8.4::baseos
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions 0:4.18.0-305.134.1.el8_4 ~ * cpe:/o:redhat:rhel_aus:8.4::baseos
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions-cpe:/o:redhat:rhel_e4s:8.4::baseos
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support 0:4.18.0-372.93.1.el8_6 ~ * cpe:/o:redhat:rhev_hypervisor:4.4::el8
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support-cpe:/o:redhat:rhel_eus:8.6::baseos
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support 0:4.18.0-477.55.1.el8_8 ~ * cpe:/a:redhat:rhel_eus:8.8::crb
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support-cpe:/o:redhat:rhel_eus:8.8::baseos
Red HatRed Hat Enterprise Linux 9 0:5.14.0-427.13.1.el9_4 ~ * cpe:/a:redhat:enterprise_linux:9::realtime
Red HatRed Hat Enterprise Linux 9 0:5.14.0-427.13.1.el9_4 ~ * cpe:/a:redhat:enterprise_linux:9::realtime
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support 0:5.14.0-70.93.2.el9_0 ~ * cpe:/a:redhat:rhel_eus:9.0::appstream
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support 0:5.14.0-70.93.1.rt21.165.el9_0 ~ * cpe:/a:redhat:rhel_eus:9.0::realtime
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support-cpe:/o:redhat:rhel_eus:9.0::baseos
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support 0:5.14.0-284.55.1.el9_2 ~ * cpe:/a:redhat:rhel_eus:9.2::appstream
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support 0:5.14.0-284.55.1.rt14.340.el9_2 ~ * cpe:/a:redhat:rhel_eus:9.2::realtime
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support-cpe:/o:redhat:rhel_eus:9.2::baseos
Red HatRed Hat Virtualization 4 for Red Hat Enterprise Linux 8 0:4.18.0-372.93.1.el8_6 ~ * cpe:/o:redhat:rhev_hypervisor:4.4::el8
Red HatRHOL-5.7-RHEL-8 v5.7.13-16 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v5.7.13-7 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v6.8.1-408 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v5.7.13-19 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v1.0.0-480 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v5.7.13-9 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v0.4.0-248 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v1.14.6-215 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v6.8.1-431 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v1.1.0-228 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v5.8.1-471 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v2.9.6-15 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v5.7.13-3 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v5.7.13-27 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v5.7.13-12 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v0.1.0-527 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v0.1.0-225 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRHOL-5.7-RHEL-8 v0.28.1-57 ~ * cpe:/a:redhat:logging:5.7::el8
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 9-cpe:/o:redhat:enterprise_linux:9
II. Public POCs for CVE-2023-6546
#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/harithlab/CVE-2023-6546POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2023-6546
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 8
Same vendor: Red Hat
Same weakness: CWE-366
V. Comments for CVE-2023-6546

No comments yet

Leave a comment