CVE-2023-6932 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2023-6932?

CVE-2023-6932 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-6932?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Linux Linux Kernel.

Vulnerability Description

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	10.0
Linux	Linux Kernel	< 4.14.332

Related Weaknesses (CWE)

CWE-416

References

http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2bMailing ListPatch
https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1Patch
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2bMailing ListPatch
https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1Patch
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.htmlMailing ListThird Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html
https://cert-portal.siemens.com/productcert/html/ssa-794697.html

FAQ

What is CVE-2023-6932?

CVE-2023-6932 is a vulnerability with a CVSS score of 7.8 (HIGH). A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly regi...

How severe is CVE-2023-6932?

CVE-2023-6932 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6932?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Linux Linux Kernel.