Vulnerability Details : CVE-2023-6200
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
Products affected by CVE-2023-6200
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6200
- 0.47%: probability of exploitation activity in the next 30 days
- ~75%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6200
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 | NIST | 2024-02-02 |
7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 | Red Hat, Inc. | 2024-01-28 |
CWE ids for CVE-2023-6200
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
  Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2023-6200
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e
  net/ipv6: Revert remove expired routes with a separated list of routes - kernel/git/torvalds/linux.git - Linux kernel source tree (Mailing List; Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=2250377
  2250377 – (CVE-2023-6200, ZDI-CAN-22579) CVE-2023-6200 kernel: ICMPv6 Router Advertisement packets, aka Linux TCP/IP Remote Code Execution Vulnerability (Issue Tracking; Patch)
- https://access.redhat.com/security/cve/CVE-2023-6200
  CVE-2023-6200 - Red Hat Customer Portal (Third Party Advisory)