CVE-2023-6932

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Dec 19, 2023

Updated: Feb 8, 2024

CWE ID 416

Summary

CVE-2023-6932 is a use-after-free vulnerability affecting the Linux kernel's ipv4: igmp component. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read-locked object, which is later freed by another thread. This issue allows an attacker to achieve local privilege escalation on the affected system. To mitigate this vulnerability, it is recommended to upgrade past commit e2b706c691905fe78468c361aaabc719d0a496f1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t2ULKt
https://www.cve.org/CVERecord?id=CVE-2023-6932
https://nvd.nist.gov/vuln/detail/CVE-2023-6932

Back to Vulnerability Database

CVE-2023-6932

CVSS 3.1 Score 7.0 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations