github - ghsa-ghww-f45r-4r4w

ghsa-ghww-f45r-4r4w

Vulnerability from github

Published

2024-01-28 15:30

Modified

2024-01-28 15:30

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-28T13:15:07Z",
    "severity": "HIGH"
  },
  "details": "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.",
  "id": "GHSA-ghww-f45r-4r4w",
  "modified": "2024-01-28T15:30:20Z",
  "published": "2024-01-28T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6200"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-6200"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250377"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-6200

Vulnerability from cvelistv5

Published

2024-01-28 12:19

Modified

2024-08-02 08:21

Severity

7.5 (High) - cvssV3_1 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability

References

URL	Tags
https://access.redhat.com/security/cve/CVE-2023-6200	vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2250377	issue-tracking, x_refsource_REDHAT
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e

Impacted products

Vendor	Product
n/a	kernel
n/a	kernel
Red Hat	Red Hat Enterprise Linux 6
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat Virtualization 4
Fedora	Fedora

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:18.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6200"
          },
          {
            "name": "RHBZ#2250377",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250377"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unaffected",
              "version": "6.7-rc7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "kernel",
          "vendor": "n/a"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::hypervisor"
          ],
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Red Hat Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Fedora",
          "vendor": "Fedora"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Lucas Leong (Trend Micro Zero Day Initiative) for reporting this issue."
        }
      ],
      "datePublic": "2023-12-21T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-02T15:44:56.695Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6200"
        },
        {
          "name": "RHBZ#2250377",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250377"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-17T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-21T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "The remote attack is potentially possible in the local network only. It is not possible if param\nnet.ipv6.conf.[NIC].accept_ra\ndisabled. Check this param value with the command\ncat /proc/sys/net/ipv6/conf/default/accept_ra\nor /proc/sys/net/ipv6/conf/eth0/accept_ra\n(where eth0 is the name of the networking interface).\nIf you cannot run this or a similar command and parameter accept_ra is not available, then IPV6 is disabled.\nIf IPV6 is not being used, it is possible to disable it completely, and there is instruction on how to do this:\nhttps://access.redhat.com/solutions/8709"
        }
      ],
      "x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6200",
    "datePublished": "2024-01-28T12:19:24.885Z",
    "dateReserved": "2023-11-20T09:44:39.245Z",
    "dateUpdated": "2024-08-02T08:21:18.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.