Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2023-6932
HistoryDec 19, 2023 - 12:00 a.m.

CVE-2023-6932

2023-12-1900:00:00
ubuntu.com
ubuntu.com
8
linux kernel
use-after-free
local privilege escalation
ipv4
igmp
race condition
rcu
bugzilla
unprivileged user namespaces

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

A use-after-free vulnerability in the Linux kernel’s ipv4: igmp component
can be exploited to achieve local privilege escalation. A race condition
can be exploited to cause a timer be mistakenly registered on a RCU read
locked object which is freed by another thread. We recommend upgrading past
commit e2b706c691905fe78468c361aaabc719d0a496f1.

Bugs

Notes

Author Note
Priority reason: By using unprivileged user namespaces, this can be exploited to achieve local privilege escalation.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-221.232) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu20.04noarchlinux< 5.4.0-170.188UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-92.102UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-15.15UNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< 3.13.0-195.246) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlinux< 4.4.0-250.284) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1164.177) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1117.127UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1052.57UNKNOWN
Rows per page:
1-10 of 941

References

Related

prion 2
cbl_mariner 1
nessus 82
debiancve 1
osv 20
ubuntu 19
redhatcve 1
openvas 40
cve 2
ubuntucve 1
amazon 2
ics 1
photon 3
redhat 11
cloudlinux 2
chrome 1
debian 3
oraclelinux 1
ibm 1
prion
prion
Race condition
2023-12-19 14:15:00
Design/Logic Flaw
2024-01-16 14:15:00
cbl_mariner
cbl_mariner
CVE-2023-6932 affecting package kernel for versions less than 5.15.143.1-1
2024-01-19 03:54:24
nessus
nessus
SUSE SLES15 Security Update : kernel (Live Patch 45 for SLE 15 SP1) (SUSE-SU-2024:0418-1)
2024-02-07 00:00:00
SUSE SLES12 Security Update : kernel (Live Patch 44 for SLE 12 SP5) (SUSE-SU-2024:0373-1)
2024-02-07 00:00:00
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 38 for SLE 15 SP1) (SUSE-SU-2024:0380-1)
2024-02-07 00:00:00
debiancve
debiancve
CVE-2023-6932
2023-12-19 14:15:08
osv
osv
linux vulnerability
2024-01-25 19:32:56
linux-aws vulnerabilities
2024-01-25 20:24:48
linux-kvm vulnerabilities
2024-01-29 22:43:38
ubuntu
ubuntu
Linux kernel vulnerability
2024-01-25 00:00:00
Linux kernel (AWS) vulnerabilities
2024-01-25 00:00:00
Linux kernel (KVM) vulnerabilities
2024-01-29 00:00:00
redhatcve
redhatcve
CVE-2023-6932
2023-12-19 21:46:48
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (Live Patch 21 for SLE 15 SP4) (SUSE-SU-2024:0429-1)
2024-03-04 00:00:00
Ubuntu: Security Advisory (USN-6601-1)
2024-01-26 00:00:00
openSUSE: Security Advisory for the Linux Kernel (Live Patch 20 for SLE 15 SP4) (SUSE-SU-2024:0428-1)
2024-03-04 00:00:00
cve
cve
CVE-2023-6932
2023-12-19 14:15:08
CVE-2024-0584
2024-01-16 14:15:49
ubuntucve
ubuntucve
CVE-2024-0584
2024-01-16 00:00:00
amazon
amazon
Important: kernel
2024-01-03 22:37:00
Important: kernel
2024-01-03 21:04:00
ics
ics
Siemens SIMATIC S7-1500
2024-04-11 12:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0713
2024-01-16 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0548
2024-01-13 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0187
2024-01-09 00:00:00
redhat
redhat
(RHSA-2024:0723) Important: kernel security update
2024-02-07 16:01:23
(RHSA-2024:0725) Important: kernel-rt security update
2024-02-07 16:03:29
(RHSA-2024:0735) Critical: OpenShift Container Platform 4.14.12 bug fix and security update
2024-02-13 17:16:53
cloudlinux
cloudlinux
kernel: Fix of 13 CVEs
2024-01-17 12:28:37
kernel: Fix of 13 CVEs
2024-01-17 12:32:48
chrome
chrome
Stable Channel Update for ChromeOS / ChromeOS Flex
2024-02-07 00:00:00
debian
debian
[SECURITY] [DLA 3711-1] linux-5.10 security update
2024-01-11 18:40:41
[SECURITY] [DSA 5594-1] linux security update
2024-01-02 21:05:08
[SECURITY] [DLA 3710-1] linux security update
2024-01-11 18:20:25
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2024-05-02 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-05-09 12:31:16

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for UB:CVE-2023-6932
prion2cbl_mariner1nessus82debiancve1osv20ubuntu19redhatcve1openvas40cve2ubuntucve1amazon2ics1photon3redhat11cloudlinux2chrome1debian3oraclelinux1ibm1