CVE-2023-6531
Advisory lineage Upstream: 0 Downstream: 64
Modified
Published: 21 Jan 2024, 10:01
Last modified:06 Nov 2025, 19:47
Vulnerability Summary
Overall Risk (default)
medium
28/100 CVSS Score
7 HIGH
v3.1 (cve.org)
EPSS Score
0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Jan 2024, 10:01
Published
Vulnerability first disclosed
06 Nov 2025, 19:47
Last Modified
Vulnerability information updated
Description
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.
CVSS Metrics
- v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.01%• Percentile: 2%
Techniques & Countermeasures
- CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Affected Systems
- linux•linux_kernel
< 6.7 | 6.7:rc1 | 6.7:rc2 | 6.7:rc3 | 6.7:rc4
- redhat•enterprise_linux
9.0
References (6)
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/security/cve/CVE-2023-6531
- https://bugzilla.redhat.com/show_bug.cgi?id=2253034
- https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com/
- http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html