cve/2023/CVE-2023-6546.md

CVE-2023-6546

Description

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

POC

Reference

• http://www.openwall.com/lists/oss-security/2024/04/10/18
• http://www.openwall.com/lists/oss-security/2024/04/10/21
• http://www.openwall.com/lists/oss-security/2024/04/11/7
• http://www.openwall.com/lists/oss-security/2024/04/11/9
• http://www.openwall.com/lists/oss-security/2024/04/16/2
• http://www.openwall.com/lists/oss-security/2024/04/17/1

Github

• https://github.com/Nassim-Asrir/ZDI-24-020
• https://github.com/fkie-cad/nvd-json-data-feeds
• https://github.com/marklogic/marklogic-docker
• https://github.com/xairy/linux-kernel-exploitation