A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00333.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Logging
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus
  • Rhev Hypervisor

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-513.24.1.rt7.326.el8_9 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:1614 2024-04-02T00:00:00Z
kernel-0:4.18.0-513.24.1.el8_9 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:1607 2024-04-02T00:00:00Z
kpatch-patch cpe:/o:redhat:enterprise_linux:8 RHSA-2024:1612 2024-04-02T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
kernel-0:4.18.0-193.136.1.el8_2 cpe:/o:redhat:rhel_aus:8.2 RHSA-2024:4577 2024-07-16T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
kernel-0:4.18.0-305.134.1.el8_4 cpe:/o:redhat:rhel_aus:8.4 RHSA-2024:4731 2024-07-23T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
kernel-rt-0:4.18.0-305.134.1.rt7.210.el8_4 cpe:/a:redhat:rhel_tus:8.4::nfv RHSA-2024:4729 2024-07-23T00:00:00Z
kernel-0:4.18.0-305.134.1.el8_4 cpe:/o:redhat:rhel_tus:8.4 RHSA-2024:4731 2024-07-23T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
kernel-0:4.18.0-305.134.1.el8_4 cpe:/o:redhat:rhel_e4s:8.4 RHSA-2024:4731 2024-07-23T00:00:00Z
kpatch-patch cpe:/o:redhat:rhel_e4s:8.4 RHSA-2024:4970 2024-08-01T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.93.1.el8_6 cpe:/o:redhat:rhel_eus:8.6 RHSA-2024:0930 2024-02-21T00:00:00Z
kpatch-patch cpe:/o:redhat:rhel_eus:8.6 RHSA-2024:0937 2024-02-22T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.55.1.el8_8 cpe:/o:redhat:rhel_eus:8.8 RHSA-2024:2621 2024-04-30T00:00:00Z
kpatch-patch cpe:/o:redhat:rhel_eus:8.8 RHSA-2024:2697 2024-05-06T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.13.1.el9_4 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2394 2024-04-30T00:00:00Z
kernel-0:5.14.0-427.13.1.el9_4 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:2394 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
kernel-0:5.14.0-70.93.2.el9_0 cpe:/a:redhat:rhel_eus:9.0 RHSA-2024:1250 2024-03-12T00:00:00Z
kernel-rt-0:5.14.0-70.93.1.rt21.165.el9_0 cpe:/a:redhat:rhel_eus:9.0::nfv RHSA-2024:1306 2024-03-13T00:00:00Z
kpatch-patch cpe:/o:redhat:rhel_eus:9.0 RHSA-2024:1253 2024-03-12T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.55.1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:1018 2024-02-28T00:00:00Z
kernel-rt-0:5.14.0-284.55.1.rt14.340.el9_2 cpe:/a:redhat:rhel_eus:9.2::nfv RHSA-2024:1019 2024-02-28T00:00:00Z
kpatch-patch cpe:/o:redhat:rhel_eus:9.2 RHSA-2024:1055 2024-02-29T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.93.1.el8_6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2024:0930 2024-02-21T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.7.13-16 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.7.13-7 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-408 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.7.13-19 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-480 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.7.13-9 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-248 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-215 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-431 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-228 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-471 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-15 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.7.13-3 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.7.13-27 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.7.13-12 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-527 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-225 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.28.1-57 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-58776 A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Fixes

Solution

No solution given by the vendor.

Workaround

This flaw can be mitigated by preventing the affected `n_gsm` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.

References
Link Providers
http://www.openwall.com/lists/oss-security/2024/04/10/18 cve-icon
http://www.openwall.com/lists/oss-security/2024/04/10/21 cve-icon
http://www.openwall.com/lists/oss-security/2024/04/11/7 cve-icon
http://www.openwall.com/lists/oss-security/2024/04/11/9 cve-icon
http://www.openwall.com/lists/oss-security/2024/04/12/1 cve-icon
http://www.openwall.com/lists/oss-security/2024/04/12/2 cve-icon
http://www.openwall.com/lists/oss-security/2024/04/16/2 cve-icon
http://www.openwall.com/lists/oss-security/2024/04/17/1 cve-icon
https://access.redhat.com/errata/RHSA-2024:0930 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0937 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1018 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1019 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1055 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1250 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1253 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1306 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1607 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1612 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1614 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2093 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2394 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2621 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2697 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4577 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4729 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4731 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4970 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-6546 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2255498 cve-icon cve-icon
https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-6546 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-6546 cve-icon
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527 cve-icon cve-icon cve-icon
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Sat, 14 Sep 2024 00:45:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-11-06T19:39:08.118Z

Reserved: 2023-12-06T07:11:48.937Z

Link: CVE-2023-6546

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-21T20:15:08.260

Modified: 2024-11-21T08:44:04.170

Link: CVE-2023-6546

cve-icon Redhat

Severity : Important

Publid Date: 2023-12-21T00:00:00Z

Links: CVE-2023-6546 - Bugzilla

cve-icon OpenCVE Enrichment

No data.