CVE-2023-2006

Sažetak

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2189112
https://github.com/torvalds/linux/commit/3bcd6c7eaa53
https://security.netapp.com/advisory/ntap-20230609-0004/
https://www.zerodayinitiative.com/advisories/ZDI-23-439/
https://bugzilla.redhat.com/show_bug.cgi?id=2189112
https://github.com/torvalds/linux/commit/3bcd6c7eaa53
https://security.netapp.com/advisory/ntap-20230609-0004/
https://www.zerodayinitiative.com/advisories/ZDI-23-439/

CVSS

Base:	7.0
Impact:	5.9
Exploitability:	1.0

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

23-04-2025 - 17:16

Objavljeno

24-04-2023 - 21:15