Vulnerability Description
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.10, < 5.10.157 |
| Netapp | Hci Baseboard Management Controller | h300s |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2189112Issue TrackingPatchThird Party Advisory
- https://github.com/torvalds/linux/commit/3bcd6c7eaa53Patch
- https://security.netapp.com/advisory/ntap-20230609-0004/PatchThird Party Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-439/Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=2189112Issue TrackingPatchThird Party Advisory
- https://github.com/torvalds/linux/commit/3bcd6c7eaa53Patch
- https://security.netapp.com/advisory/ntap-20230609-0004/PatchThird Party Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-439/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2023-2006?
CVE-2023-2006 is a vulnerability with a CVSS score of 7.0 (HIGH). A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an obj...
How severe is CVE-2023-2006?
CVE-2023-2006 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2006?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Hci Baseboard Management Controller.