Main Vulnerability Database Vulnerabilities #VU77496

#VU77496 Race condition in Linux kernel - CVE-2023-33203

Published: June 17, 2023

Vulnerability identifier: #VU77496

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-33203

CWE-ID: CWE-362

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. An attacker with physical access to the system can exploit the race by unplugging an emac based device and execute arbitrary code with elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75
https://bugzilla.suse.com/show_bug.cgi?id=1210685
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
https://bugzilla.redhat.com/show_bug.cgi?id=2192667

#VU77496 Race condition in Linux kernel - CVE-2023-33203

Description

Remediation

External links

Please verify you're human