CVE-2023-2006

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2023-2006 SUSE-SU-2023:4730-1 SUSE-SU-2023:4731-1 SUSE-SU-2023:4732-1 SUSE-SU-2023:4734-1 SUSE-SU-2023:4782-1

Modified

Published: 24 Apr 2023, 00:00

Last modified:23 Apr 2025, 16:22

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7 HIGH

v3.1 (cve.org)

EPSS Score

0.03% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

24 Apr 2023, 00:00

Published

Vulnerability first disclosed

23 Apr 2025, 16:22

Last Modified

Vulnerability information updated

Description

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

CVSS Metrics

v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

linux•linux_kernel
≥ 5.10, < 5.10.157 | ≥ 5.11, < 5.15.81 | ≥ 5.16, < 6.0.11
netapp•hci_baseboard_management_controller
h300s | h410c | h410s | h500s | h700s