CVE-2023-2006 — Race Condition in Kernel

CWE-362 — Race Condition7 documents7 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 92.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Netapp HCI Baseboard Management Controller

Timeline

PublishedApr 24

Description

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel5.10 — 5.10.157+2

▶Debianlinux/linux_kernel< 5.10.158-1+3

▶NVDnetapp/hci_baseboard_management_controller5 versions+4

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-pvxc-v7pp-fmx4: A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles↗2023-04-24

▶

CVEList

CVE-2023-2006: A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles↗2023-04-24

▶

OSV

CVE-2023-2006: A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles↗2023-04-24

▶

📋Vendor Advisories

Red Hat

kernel: rxrpc: race condition between connection bundle lookup and removal↗2023-04-13

▶

Microsoft

A race condition was found in the Linux kernel's RxRPC network protocol within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an obje↗2023-04-11

▶

Debian

CVE-2023-2006: linux - A race condition was found in the Linux kernel's RxRPC network protocol, within ...↗2023

▶