Description
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Report
This vulnerability is critical because it can be exploited to escalate privileges, directly threatening system security. Despite requiring local access and having a high attack complexity, the potential to severely impact confidentiality, integrity, and availability justifies its "Important" rating.
Mitigation
This flaw can be mitigated by preventing the affected n_gsm kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.
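One way to audit a host for this mitigation, as an added example that is not part of the advisory or of Red Hat's instructions. The function names, the default directory list and the convention of overriding the module with `/bin/false` or `/bin/true` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit modprobe configuration for the n_gsm mitigation.
# Usage: n_gsm_block_status [DIR...]  (assumed default: usual modprobe.d dirs)
# Prints one of:
#   blocked         an "install n_gsm /bin/false|/bin/true" override exists
#   blacklist-only  only "blacklist n_gsm" exists; per modprobe.d(5) this
#                   stops alias-based autoloading, not loading by name
#   unblocked       no relevant directive found
n_gsm_block_status() {
    [ "$#" -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
    found_blacklist=0
    found_install=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            # The "|| [ -n ... ]" keeps a final line that lacks a newline.
            while read -r keyword module command _rest || [ -n "$keyword" ]; do
                case "$keyword" in ''|'#'*) continue ;; esac
                # modprobe treats '-' and '_' in module names as equivalent.
                case "$module" in n_gsm|n-gsm) ;; *) continue ;; esac
                case "$keyword" in
                    blacklist) found_blacklist=1 ;;
                    install)
                        case "$command" in
                            /bin/false|/bin/true|/usr/bin/false|/usr/bin/true)
                                found_install=1 ;;
                        esac ;;
                esac
            done < "$conf"
        done
    done
    if [ "$found_install" -eq 1 ]; then echo blocked
    elif [ "$found_blacklist" -eq 1 ]; then echo blacklist-only
    else echo unblocked
    fi
}

# Returns 0 if n_gsm is loaded right now; modprobe configuration does not
# unload a module that is already resident.
n_gsm_loaded() {
    grep -q '^n_gsm ' "${1:-/proc/modules}" 2>/dev/null
}
```

A `blocked` result together with a non-zero status from `n_gsm_loaded` means the configuration is in place and the module is not resident.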
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | kernel | Not affected | | |
Red Hat Enterprise Linux 7 | kernel | Not affected | | |
Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
Red Hat Enterprise Linux 9 | kernel-rt | Affected | | |
Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:1614 | 02.04.2024 |
Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:1607 | 02.04.2024 |
Red Hat Enterprise Linux 8 | kpatch-patch | Fixed | RHSA-2024:1612 | 02.04.2024 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | kernel | Fixed | RHSA-2024:4577 | 16.07.2024 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | kernel | Fixed | RHSA-2024:4731 | 23.07.2024 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | kernel-rt | Fixed | RHSA-2024:4729 | 23.07.2024 |
Additional information
Status:
7 High
CVSS3
Related vulnerabilities
A vulnerability in the gsm_cleanup_mux() function of the N_GSM driver of the Linux operating system kernel that allows an attacker to escalate their privileges
7 High
CVSS3