Описание
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-6546
- https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527
- https://bugzilla.redhat.com/show_bug.cgi?id=2255498
- https://access.redhat.com/security/cve/CVE-2023-6546
- https://access.redhat.com/errata/RHSA-2024:4970
- https://access.redhat.com/errata/RHSA-2024:4731
- https://access.redhat.com/errata/RHSA-2024:4729
- https://access.redhat.com/errata/RHSA-2024:4577
- https://access.redhat.com/errata/RHSA-2024:2697
- https://access.redhat.com/errata/RHSA-2024:2621
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2093
- https://access.redhat.com/errata/RHSA-2024:1614
- https://access.redhat.com/errata/RHSA-2024:1612
- https://access.redhat.com/errata/RHSA-2024:1607
- https://access.redhat.com/errata/RHSA-2024:1306
- https://access.redhat.com/errata/RHSA-2024:1253
- https://access.redhat.com/errata/RHSA-2024:1250
- https://access.redhat.com/errata/RHSA-2024:1055
- https://access.redhat.com/errata/RHSA-2024:1019
- https://access.redhat.com/errata/RHSA-2024:1018
- https://access.redhat.com/errata/RHSA-2024:0937
- https://access.redhat.com/errata/RHSA-2024:0930
- http://www.openwall.com/lists/oss-security/2024/04/10/18
- http://www.openwall.com/lists/oss-security/2024/04/10/21
- http://www.openwall.com/lists/oss-security/2024/04/11/7
- http://www.openwall.com/lists/oss-security/2024/04/11/9
- http://www.openwall.com/lists/oss-security/2024/04/12/1
- http://www.openwall.com/lists/oss-security/2024/04/12/2
- http://www.openwall.com/lists/oss-security/2024/04/16/2
- http://www.openwall.com/lists/oss-security/2024/04/17/1
Связанные уязвимости
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Kernel: gsm multiplexing race condition leads to privilege escalation
A race condition was found in the GSM 0710 tty multiplexor in the Linu ...