CVE-2023-6200

A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-6200	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2250377	Issue Tracking Patch
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e	Mailing List Patch
https://access.redhat.com/security/cve/CVE-2023-6200	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2250377	Issue Tracking Patch
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e	Mailing List Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc6::::::

History

No history.

Information

Published : 2024-01-28 13:15

Updated : 2024-11-21 08:43

NVD link : CVE-2023-6200

Mitre link : CVE-2023-6200

CVE.ORG link : CVE-2023-6200

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2023-6200", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-01-28T13:15:07.817", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-6200", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250377", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e", "tags": ["Mailing List", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6200", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250377", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution."}, {"lang": "es", "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podr\u00eda enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2024-11-21T08:43:20.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "668F5607-E136-4E8E-86F2-316E9DC41ADC", "versionEndExcluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ED5AF93-F831-48BC-9545-CCB344E814FC"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}