CVE-2023-6932: A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be…

high7CVSS 3.1

AVLACHPRLUINSUCHIHAH

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.

Affected

32 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	linux	< linux 6.1.66-1 (bookworm)	linux 6.1.66-1 (bookworm)
google	chrome_chrome	—	—
linux	kernel	>= 2.6.12 < 6.7	6.7
linux	linux_kernel	< 4.14.332	4.14.332
linux	linux_kernel	>= 0 < 5.10.205-2	5.10.205-2
linux	linux_kernel	>= 0 < 6.1.66-1	6.1.66-1
linux	linux_kernel	>= 0 < 6.6.8-1	6.6.8-1
linux	linux_kernel	>= 0 < 6.6.8-1	6.6.8-1
linux	linux_kernel	>= 0 < 5.4.0-170.188	5.4.0-170.188
linux	linux_kernel	>= 0 < 5.15.0-92.102	5.15.0-92.102
linux	linux_kernel	>= 0 < 4.4.0-251.285	4.4.0-251.285
linux	linux_kernel	>= 0 < 4.4.0-250.284	4.4.0-250.284
linux	linux_kernel	>= 0 < 4.15.0-222.233	4.15.0-222.233
linux	linux_kernel	>= 0 < 4.15.0-221.232	4.15.0-221.232
linux	linux_kernel	>= 0 < 5.4.0-172.190	5.4.0-172.190
linux	linux_kernel	>= 0 < 5.4.0-170.188	5.4.0-170.188
linux	linux_kernel	>= 0 < 5.15.0-97.107	5.15.0-97.107
linux	linux_kernel	>= 0 < 5.15.0-94.104	5.15.0-94.104
linux	linux_kernel	>= 4.15 < 4.19.301	4.19.301
linux	linux_kernel	>= 4.20 < 5.4.263	5.4.263
linux	linux_kernel	>= 5.11 < 5.15.142	5.15.142
linux	linux_kernel	>= 5.16 < 6.1.66	6.1.66
linux	linux_kernel	>= 5.5 < 5.10.203	5.10.203
linux	linux_kernel	>= 6.2 < 6.6.5	6.6.5

CVSS provenance

nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

osv8.1HIGH