Assigner: redhat
Reserved: 2023-12-06
Published: 2023-12-21
Updated: 2024-07-23
Description
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem types
Product status
0:4.18.0-513.24.1.rt7.326.el8_9 before *
0:4.18.0-513.24.1.el8_9 before *
0:4.18.0-193.136.1.el8_2 before *
0:4.18.0-305.134.1.el8_4 before *
0:4.18.0-305.134.1.rt7.210.el8_4 before *
0:4.18.0-305.134.1.el8_4 before *
0:4.18.0-305.134.1.el8_4 before *
0:4.18.0-372.93.1.el8_6 before *
0:4.18.0-477.55.1.el8_8 before *
0:5.14.0-427.13.1.el9_4 before *
0:5.14.0-427.13.1.el9_4 before *
0:5.14.0-70.93.2.el9_0 before *
0:5.14.0-70.93.1.rt21.165.el9_0 before *
0:5.14.0-284.55.1.el9_2 before *
0:5.14.0-284.55.1.rt14.340.el9_2 before *
0:4.18.0-372.93.1.el8_6 before *
v5.7.13-16 before *
v5.7.13-7 before *
v6.8.1-408 before *
v5.7.13-19 before *
v1.0.0-480 before *
v5.7.13-9 before *
v0.4.0-248 before *
v1.14.6-215 before *
v6.8.1-431 before *
v1.1.0-228 before *
v5.8.1-471 before *
v2.9.6-15 before *
v5.7.13-3 before *
v5.7.13-27 before *
v5.7.13-12 before *
v0.1.0-527 before *
v0.1.0-225 before *
v0.28.1-57 before *
Timeline
2023-12-18: Reported to Red Hat.
2023-12-21: Made public.
References
http://www.openwall.com/lists/oss-security/2024/04/10/18
http://www.openwall.com/lists/oss-security/2024/04/10/21
http://www.openwall.com/lists/oss-security/2024/04/11/7
http://www.openwall.com/lists/oss-security/2024/04/11/9
http://www.openwall.com/lists/oss-security/2024/04/12/1
http://www.openwall.com/lists/oss-security/2024/04/12/2
http://www.openwall.com/lists/oss-security/2024/04/16/2
http://www.openwall.com/lists/oss-security/2024/04/17/1
https://access.redhat.com/errata/RHSA-2024:0930 (RHSA-2024:0930)
https://access.redhat.com/errata/RHSA-2024:0937 (RHSA-2024:0937)
https://access.redhat.com/errata/RHSA-2024:1018 (RHSA-2024:1018)
https://access.redhat.com/errata/RHSA-2024:1019 (RHSA-2024:1019)
https://access.redhat.com/errata/RHSA-2024:1055 (RHSA-2024:1055)
https://access.redhat.com/errata/RHSA-2024:1250 (RHSA-2024:1250)
https://access.redhat.com/errata/RHSA-2024:1253 (RHSA-2024:1253)
https://access.redhat.com/errata/RHSA-2024:1306 (RHSA-2024:1306)
https://access.redhat.com/errata/RHSA-2024:1607 (RHSA-2024:1607)
https://access.redhat.com/errata/RHSA-2024:1612 (RHSA-2024:1612)
https://access.redhat.com/errata/RHSA-2024:1614 (RHSA-2024:1614)
https://access.redhat.com/errata/RHSA-2024:2093 (RHSA-2024:2093)
https://access.redhat.com/errata/RHSA-2024:2394 (RHSA-2024:2394)
https://access.redhat.com/errata/RHSA-2024:2621 (RHSA-2024:2621)
https://access.redhat.com/errata/RHSA-2024:2697 (RHSA-2024:2697)
https://access.redhat.com/errata/RHSA-2024:4577 (RHSA-2024:4577)
https://access.redhat.com/errata/RHSA-2024:4729 (RHSA-2024:4729)
https://access.redhat.com/errata/RHSA-2024:4731 (RHSA-2024:4731)
https://access.redhat.com/security/cve/CVE-2023-6546
https://bugzilla.redhat.com/show_bug.cgi?id=2255498 (RHBZ#2255498)
https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527