CVE-2023-2006

CVSS 7 HIGHEPSS 0.4%CWE-362

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Apr 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · Linux kernel's RxRPC network protocol

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=2189112 https://github.com/torvalds/linux/commit/3bcd6c7eaa53 https://security.netapp.com/advisory/ntap-20230609-0004/https://www.zerodayinitiative.com/advisories/ZDI-23-439/