CVE-2023-6531: Race Condition in Kernel

Severity: 7.0 HIGH (NVD)
EPSS: 0.0% (top 97.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 21; Latest update Feb 23

Description

A use-after-free flaw was found in the Linux kernel, caused by a race condition: the unix garbage collector's deletion of an SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (2 packages)

NVD: linux/linux_kernel < 6.7 +1
Debian: linux/linux_kernel < 5.10.205-2 +3

Also affects: Enterprise Linux 9.0

Patches

🔴 Vulnerability Details (3)

CVEList: Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf (2024-01-21)
GHSA: GHSA-xh36-8q3w-g243: A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_ (2024-01-21)
OSV: CVE-2023-6531: A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_ (2024-01-21)

📋 Vendor Advisories (6)

Ubuntu: Linux kernel (Azure) vulnerabilities (2024-02-23)
Ubuntu: Linux kernel (OEM) vulnerabilities (2024-02-15)
Ubuntu: Linux kernel vulnerabilities (2024-02-07)
Microsoft: Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf (2024-01-09)
Red Hat: kernel: GC's deletion of an SKB races with unix_stream_read_generic() leading to UAF (2023-12-06)

💬 Community (1)

Bugzilla: CVE-2023-6531 kernel: GC's deletion of an SKB races with unix_stream_read_generic() leading to UAF (2023-12-05)