CVE-2023-6200Race Condition in Kernel

CWE-362Race ConditionCWE-78OS Command Injection10 documents8 sources
Severity
7.5HIGHNVD
OSV5.5
EPSS
0.6%
top 30.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelImagemagickDebian Linux+6 more
Timeline
PublishedJan 28
Latest updateApr 16

Description

A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages10 packages

NVDlinux/linux_kernel< 6.7+1
Debianlinux/linux_kernel< 6.6.9-1+1
debiandebian/linux< linux 6.6.9-1 (forky)

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
OSV
imagemagick regression2025-04-16
OSV
CVE-2023-6200: A race condition was found in the Linux Kernel2024-01-28
GHSA
GHSA-ghww-f45r-4r4w: A race condition was found in the Linux Kernel2024-01-28

📋Vendor Advisories

5
Microsoft
Kernel: icmpv6 router advertisement packets aka linux tcp/ip remote code execution vulnerability2024-01-09
Red Hat
kernel: ICMPv6 Router Advertisement packets, aka Linux TCP/IP Remote Code Execution Vulnerability2023-12-21
Cisco
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability2023-02-22
Debian
CVE-2023-6200: linux - A race condition was found in the Linux Kernel. Under certain conditions, an una...2023
Cisco
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability

💬Community

1
Bugzilla
CVE-2023-6200 kernel: ICMPv6 Router Advertisement packets, aka Linux TCP/IP Remote Code Execution Vulnerability2023-11-17