fkie_nvd - fkie_cve-2023-6200

fkie_cve-2023-6200

Vulnerability from fkie_nvd

Published

2024-01-28 13:15

Modified

2024-11-21 08:43

Severity ?

7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-6200	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2250377	Issue Tracking, Patch
secalert@redhat.com	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2023-6200	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2250377	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e	Mailing List, Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	6.7
linux	linux_kernel	6.7
linux	linux_kernel	6.7
linux	linux_kernel	6.7
linux	linux_kernel	6.7
linux	linux_kernel	6.7

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "668F5607-E136-4E8E-86F2-316E9DC41ADC",
                     versionEndExcluding: "6.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "3A0038DE-E183-4958-A6E3-CE3821FEAFBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "C56C6E04-4F04-44A3-8DB8-93899903CFCF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "5C78EDA4-8BE6-42FC-9512-49032D525A55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*",
                     matchCriteriaId: "32F2E5CA-13C6-4601-B530-D465CBF73D1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*",
                     matchCriteriaId: "5ED5AF93-F831-48BC-9545-CCB344E814FC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.",
      },
      {
         lang: "es",
         value: "Se encontró una condición de ejecución en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podría enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecución de código arbitrario.",
      },
   ],
   id: "CVE-2023-6200",
   lastModified: "2024-11-21T08:43:20.507",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-28T13:15:07.817",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2023-6200",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2250377",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2023-6200",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2250377",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

CVE-2023-6200 (GCVE-0-2023-6200)

Vulnerability from cvelistv5

Published

2024-01-28 12:19

Modified

2024-08-02 08:21

Severity ?

7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://access.redhat.com/security/cve/CVE-2023-6200	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2250377	issue-tracking, x_refsource_REDHAT
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e

Impacted products

Vendor

Product

Version

▼

n/a

kernel

n/a	kernel
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Virtualization 4	cpe:/a:redhat:enterprise_linux:8::hypervisor
Fedora	Fedora

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:21:18.007Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2023-6200",
               },
               {
                  name: "RHBZ#2250377",
                  tags: [
                     "issue-tracking",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2250377",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "kernel",
               vendor: "n/a",
               versions: [
                  {
                     status: "unaffected",
                     version: "6.7-rc7",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "kernel",
               vendor: "n/a",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:6",
               ],
               defaultStatus: "unaffected",
               packageName: "kernel",
               product: "Red Hat Enterprise Linux 6",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unaffected",
               packageName: "kernel",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unaffected",
               packageName: "kernel-rt",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:8",
               ],
               defaultStatus: "unaffected",
               packageName: "kernel",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:8",
               ],
               defaultStatus: "unaffected",
               packageName: "kernel-rt",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:9",
               ],
               defaultStatus: "unaffected",
               packageName: "kernel",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:9",
               ],
               defaultStatus: "unaffected",
               packageName: "kernel-rt",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:8::hypervisor",
               ],
               defaultStatus: "unaffected",
               packageName: "kernel",
               product: "Red Hat Virtualization 4",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://packages.fedoraproject.org/",
               defaultStatus: "affected",
               packageName: "kernel",
               product: "Fedora",
               vendor: "Fedora",
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Red Hat would like to thank Lucas Leong (Trend Micro Zero Day Initiative) for reporting this issue.",
            },
         ],
         datePublic: "2023-12-21T00:00:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Important",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-362",
                     description: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-02T15:44:56.695Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2023-6200",
            },
            {
               name: "RHBZ#2250377",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2250377",
            },
            {
               url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-11-17T00:00:00+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2023-12-21T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability",
         workarounds: [
            {
               lang: "en",
               value: "The remote attack is potentially possible in the local network only. It is not possible if param\nnet.ipv6.conf.[NIC].accept_ra\ndisabled. Check this param value with the command\ncat /proc/sys/net/ipv6/conf/default/accept_ra\nor /proc/sys/net/ipv6/conf/eth0/accept_ra\n(where eth0 is the name of the networking interface).\nIf you cannot run this or a similar command and parameter accept_ra is not available, then IPV6 is disabled.\nIf IPV6 is not being used, it is possible to disable it completely, and there is instruction on how to do this:\nhttps://access.redhat.com/solutions/8709",
            },
         ],
         x_redhatCweChain: "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2023-6200",
      datePublished: "2024-01-28T12:19:24.885Z",
      dateReserved: "2023-11-20T09:44:39.245Z",
      dateUpdated: "2024-08-02T08:21:18.007Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted