What is CVE-2023-6546?

CVE-2023-6546 is a high-severity vulnerability in Red Hat Enterprise Linux 6, classified under Race Condition within a Thread. CVSS score: 7.0/10. Published 2023-12-21.

How severe is CVE-2023-6546?

High severity. CVSS v3 base score is 7.0 out of 10.

Is CVE-2023-6546 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Red Hat Enterprise Linux 6

CVE-2023-6546

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use…

EPSS: 0.003 (56.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8 — versions 0:4.18.0-513.24.1.rt7.326.el8_9, 0:4.18.0-513.24.1.el8_9
Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 0:4.18.0-193.136.1.el8_2
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 0:4.18.0-305.134.1.el8_4
Red Hat Enterprise Linux 8.4 Telecommunications Update Service — versions 0:4.18.0-305.134.1.rt7.210.el8_4, 0:4.18.0-305.134.1.el8_4
Red Hat Enterprise Linux 8.4 Update Services For Sap Solutions — versions 0:4.18.0-305.134.1.el8_4
Red Hat Enterprise Linux 8.6 Extended Update Support — versions 0:4.18.0-372.93.1.el8_6
Red Hat Enterprise Linux 8.8 Extended Update Support — versions 0:4.18.0-477.55.1.el8_8
Red Hat Enterprise Linux 9 — versions 0:5.14.0-427.13.1.el9_4

Weakness classification (CWE)

CWE-366 — Race Condition within a Thread

Public proof-of-concept exploits

References

RHSA-2024:0930 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:0937 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:1018 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:1019 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:1055 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:1250 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:1253 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:1306 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:1607 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:1612 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2023-6546?: CVE-2023-6546 is a high-severity vulnerability in Red Hat Enterprise Linux 6, classified under Race Condition within a Thread. CVSS score: 7.0/10. Published 2023-12-21.
How severe is CVE-2023-6546?: High severity. CVSS v3 base score is 7.0 out of 10.
Is CVE-2023-6546 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.