gsd-2023-6200
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-6200", id: "GSD-2023-6200", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-6200", ], details: "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.", id: "GSD-2023-6200", modified: "2023-12-13T01:20:32.671043Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2023-6200", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "kernel", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { versions: [ { status: "unaffected", version: "6.7-rc7", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", }, }, ], }, }, ], }, vendor_name: "n/a", }, { product: { product_data: [ { product_name: "Red Hat Enterprise Linux 6", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 7", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 9", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, { product_name: "Red Hat Virtualization 4", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", }, }, ], }, }, ], }, vendor_name: "Red Hat", }, { product: { product_data: [ { product_name: "Fedora", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", }, }, ], }, }, ], }, vendor_name: "Fedora", }, ], }, }, credits: [ { lang: "en", value: "Red Hat would like to thank Lucas Leong (Trend Micro Zero Day Initiative) for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.", }, ], }, impact: { cvss: [ { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-362", lang: "eng", value: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/security/cve/CVE-2023-6200", refsource: "MISC", url: "https://access.redhat.com/security/cve/CVE-2023-6200", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2250377", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2250377", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e", }, ], }, work_around: [ { lang: "en", value: "The remote attack is potentially possible in the local network only. It is not possible if param\nnet.ipv6.conf.[NIC].accept_ra\ndisabled. Check this param value with the command\ncat /proc/sys/net/ipv6/conf/default/accept_ra\nor /proc/sys/net/ipv6/conf/eth0/accept_ra\n(where eth0 is the name of the networking interface).\nIf you cannot run this or a similar command and parameter accept_ra is not available, then IPV6 is disabled.\nIf IPV6 is not being used, it is possible to disable it completely, and there is instruction on how to do this:\nhttps://access.redhat.com/solutions/8709", }, ], }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "668F5607-E136-4E8E-86F2-316E9DC41ADC", versionEndExcluding: "6.7", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", matchCriteriaId: "3A0038DE-E183-4958-A6E3-CE3821FEAFBF", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", matchCriteriaId: "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", matchCriteriaId: "C56C6E04-4F04-44A3-8DB8-93899903CFCF", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", matchCriteriaId: "5C78EDA4-8BE6-42FC-9512-49032D525A55", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", matchCriteriaId: "32F2E5CA-13C6-4601-B530-D465CBF73D1C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*", matchCriteriaId: "5ED5AF93-F831-48BC-9545-CCB344E814FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.", }, { lang: "es", value: "Se encontró una condición de ejecución en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podría enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecución de código arbitrario.", }, ], id: "CVE-2023-6200", lastModified: "2024-02-02T15:38:42.870", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, ], }, published: "2024-01-28T13:15:07.817", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-6200", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2250377", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "secalert@redhat.com", type: "Secondary", }, ], }, }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.