CVE-2023-6546
Published: 21 December 2023
Summary
CVE-2023-6546 is a high-severity Race Condition within a Thread (CWE-366) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 43.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58776
Vulnerability details
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead…
more
to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2023-6546 is a Linux kernel race condition causing use-after-free in GSM tty multiplexor, enabling local unprivileged users to escalate privileges via exploitation.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.
Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.