Bug 2255283 (CVE-2023-6932) - CVE-2023-6932 kernel: use-after-free in IPv4 IGMP
Summary: CVE-2023-6932 kernel: use-after-free in IPv4 IGMP
Keywords:
Status: NEW
Alias: CVE-2023-6932
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2255288
Blocks: 2255282
TreeView+ depends on / blocked
 
Reported: 2023-12-19 21:02 UTC by Robb Gatica
Modified: 2025-06-02 15:28 UTC (History)
53 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0858 0 None None None 2024-02-19 01:12:22 UTC
Red Hat Product Errata RHBA-2024:2634 0 None None None 2024-05-01 01:22:15 UTC
Red Hat Product Errata RHBA-2024:2650 0 None None None 2024-05-02 00:15:03 UTC
Red Hat Product Errata RHBA-2024:2686 0 None None None 2024-05-02 22:50:10 UTC
Red Hat Product Errata RHSA-2024:0723 0 None None None 2024-02-07 16:26:28 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:31:15 UTC
Red Hat Product Errata RHSA-2024:0725 0 None None None 2024-02-07 16:22:32 UTC
Red Hat Product Errata RHSA-2024:1250 0 None None None 2024-03-12 00:44:39 UTC
Red Hat Product Errata RHSA-2024:1306 0 None None None 2024-03-13 09:08:19 UTC
Red Hat Product Errata RHSA-2024:1404 0 None None None 2024-03-19 17:27:51 UTC
Red Hat Product Errata RHSA-2024:2394 0 None None None 2024-04-30 10:14:43 UTC
Red Hat Product Errata RHSA-2024:2950 0 None None None 2024-05-22 09:15:13 UTC
Red Hat Product Errata RHSA-2024:3138 0 None None None 2024-05-22 09:52:36 UTC

Description Robb Gatica 2023-12-19 21:02:48 UTC 
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.

A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.

We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1
https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1
Comment 1 Robb Gatica 2023-12-19 21:22:10 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2255288]
Comment 3 Justin M. Forbes 2023-12-19 22:10:33 UTC 
This was fixed for Fedora with the 6.6.5 stable kernel updates.
Comment 11 Rohit Keshri 2024-01-21 09:05:58 UTC 
*** Bug 2258584 has been marked as a duplicate of this bug. ***
Comment 12 errata-xmlrpc 2024-02-07 16:22:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0725
Comment 13 errata-xmlrpc 2024-02-07 16:26:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0723
Comment 14 errata-xmlrpc 2024-02-07 16:31:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Comment 19 errata-xmlrpc 2024-03-12 00:44:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1250
Comment 20 errata-xmlrpc 2024-03-13 09:08:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1306
Comment 22 errata-xmlrpc 2024-03-19 17:27:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1404
Comment 23 errata-xmlrpc 2024-04-30 10:14:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
Comment 24 errata-xmlrpc 2024-05-22 09:15:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
Comment 25 errata-xmlrpc 2024-05-22 09:52:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3138 https://access.redhat.com/errata/RHSA-2024:3138
Note You need to log in before you can comment on or make changes to this bug.