Vulnerability Details: CVE-2023-2006
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2023-2006
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~14%
CVSS scores for CVE-2023-2006
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 | NIST |
CWE ids for CVE-2023-2006
- The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-2006
- https://github.com/torvalds/linux/commit/3bcd6c7eaa53
  rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CA… · torvalds/linux@3bcd6c7 · GitHub (Patch)
- https://www.zerodayinitiative.com/advisories/ZDI-23-439/
  ZDI-23-439 | Zero Day Initiative (Third Party Advisory; VDB Entry)
- https://security.netapp.com/advisory/ntap-20230609-0004/
  CVE-2023-2006 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2189112
  2189112 – (CVE-2023-2006) CVE-2023-2006 kernel: rxrpc: race condition between connection bundle lookup and removal (Issue Tracking; Patch; Third Party Advisory)
Products affected by CVE-2023-2006
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*