#VU77496 Race condition in Linux kernel - CVE-2023-33203
Vulnerability identifier: #VU77496
Vulnerability risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. An attacker with physical access to the system can exploit the race by unplugging an emac based device and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel: before 6.2.9, 6.2.9
External links
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75
https://bugzilla.suse.com/show_bug.cgi?id=1210685
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
https://bugzilla.redhat.com/show_bug.cgi?id=2192667
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
