CVE-2023-6932

{"id": "CVE-2023-6932", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-12-19T14:15:08.460", "references": [{"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html", "source": "cve-coordination@google.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1", "tags": ["Mailing List", "Patch"], "source": "cve-coordination@google.com"}, {"url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1", "tags": ["Patch"], "source": "cve-coordination@google.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "source": "cve-coordination@google.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "source": "cve-coordination@google.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de use after free en el componente ipv4: igmp del kernel de Linux se puede explotar para lograr una escalada de privilegios local. Se puede aprovechar una condici\u00f3n de ejecuci\u00f3n para provocar que un temporizador se registre por error en un objeto bloqueado de lectura de RCU que es liberado por otro subproceso. Recomendamos actualizar el commit anterior e2b706c691905fe78468c361aaabc719d0a496f1."}], "lastModified": "2024-02-08T16:15:47.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2446CA5-FF6C-417F-A095-C5CA491CAA94", "versionEndExcluding": "6.7", "versionStartIncluding": "2.6.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}