Lucene search
HistoryJan 21, 2024 - 10:15 a.m.
CVE-2023-6531
cve-2023-6531
linux kernel
use-after-free flaw
race problem
unix garbage collector
skb
unix_stream_read_generic
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector’s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.
Affected configurations
Node
linuxlinux_kernelRange<6.7
ORlinuxlinux_kernelMatch6.7rc1
ORlinuxlinux_kernelMatch6.7rc2
ORlinuxlinux_kernelMatch6.7rc3
ORlinuxlinux_kernelMatch6.7rc4
Node
redhatenterprise_linuxMatch9.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | lt | 6.7 |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:5.14.0-427.13.1.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::nfv"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "affected",
"versions": [
{
"version": "0:5.14.0-427.13.1.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::nfv"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "kernel-rt",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
}
]Related
debiancve
debiancve
CVE-2023-6531
2024-01-21 10:15:07
nvd
nvd
CVE-2023-6531
2024-01-21 10:15:07
nessus
nessus
cvelist
cvelist
prion
prion
Design/Logic Flaw
2024-01-21 10:15:00
redhatcve
redhatcve
CVE-2023-6531
2023-12-27 13:00:31
cbl_mariner
cbl_mariner
CVE-2023-6531 affecting package kernel for versions less than 5.15.148.2-2
2024-02-25 03:00:06
ubuntucve
ubuntucve
CVE-2023-6531
2024-01-21 00:00:00
osv
osv
openvas
openvas
Debian: Security Advisory (DSA-5593-1)
2024-01-12 00:00:00
Ubuntu: Security Advisory (USN-6624-1)
2024-02-08 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:0156-1)
2024-03-04 00:00:00
debian
debian
[SECURITY] [DSA 5593-1] linux security update
2024-01-01 13:25:21
[SECURITY] [DSA 5594-1] linux security update
2024-01-02 21:05:08
[SECURITY] [DLA 3711-1] linux-5.10 security update
2024-01-11 17:58:27
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-02-07 00:00:00
Linux kernel (OEM) vulnerabilities
2024-02-15 00:00:00
Linux kernel (Azure) vulnerabilities
2024-02-23 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0548
2024-01-13 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2024-05-02 00:00:00
redhat
redhat
(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update
2024-04-30 06:15:35
(RHSA-2024:2932) Important: logging for Red Hat OpenShift security update
2024-05-23 07:05:57
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2023-6531