CVE-2023-6932
Public on 2023-12-19
Modified on 2024-04-26
Description
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.
A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.
We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.
We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
Severity
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | kernel | 2024-01-03 | ALAS-2024-1899 | Fixed |
Amazon Linux 2 - Core | kernel | 2024-01-03 | ALAS2-2024-2391 | Fixed |
Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2024-01-05 | ALAS2KERNEL-5.10-2024-045 | Fixed |
Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2024-01-19 | ALAS2KERNEL-5.10-2024-047 | Fixed |
Amazon Linux 2 - Kernel-5.15 Extra | kernel | 2024-01-05 | ALAS2KERNEL-5.15-2024-033 | Fixed |
Amazon Linux 2 - Kernel-5.15 Extra | kernel | 2024-01-19 | ALAS2KERNEL-5.15-2024-035 | Fixed |
Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2024-01-03 | ALAS2KERNEL-5.4-2024-057 | Fixed |
Amazon Linux 2023 | kernel | 2023-12-13 | ALAS2023-2023-461 | Fixed |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.327-246.539 | 2024-02-01 | ALAS2LIVEPATCH-2024-162 | Fixed |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.328-248.540 | 2024-02-01 | ALAS2LIVEPATCH-2024-163 | Fixed |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.330-250.540 | 2024-02-01 | ALAS2LIVEPATCH-2024-161 | Fixed |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.201-191.748 | 2024-02-29 | ALAS2LIVEPATCH-2024-167 | Fixed |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv3 | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |