CVE-2023-6546
CVSS 3.1 Score 7.0 of 10 (high)
Details
Published Dec 21, 2023
Updated: Aug 2, 2024
CWE ID 416
CWE ID 362
Summary
CVE-2023-6546 is a race condition vulnerability in the Linux kernel's GSM 0710 tty multiplexor. When two threads simultaneously execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, the mux restart can cause a use-after-free on a struct gsm_dlci. A local, unprivileged user can exploit this to escalate their privileges on the system.