#VU77496 Race condition in Linux kernel


Published: 2023-06-17

Vulnerability identifier: #VU77496

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33203

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. An attacker with physical access to the system can exploit the race by unplugging an emac based device and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75
http://bugzilla.suse.com/show_bug.cgi?id=1210685
http://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
http://bugzilla.redhat.com/show_bug.cgi?id=2192667

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM QRadar SIEM
Multiple vulnerabilities in IBM Storage Protect Plus Server
Red Hat Enterprise Linux 8.8 Extended Update Support update for kernel
Red Hat OpenShift Container Platform 4.12 update for golang
Multiple vulnerabilities in Logging Subsystem 5.7 for Red Hat OpenShift
Multiple vulnerabilities in IBM Spectrum Copy Data Management
Multiple vulnerabilities in Logging Subsystem 5.8 for Red Hat OpenShift
Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
Red Hat Enterprise Linux 8 update for kernel
Red Hat Enterprise Linux 8 update for kernel-rt