{"id":"CVE-2023-6546","details":"A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.","modified":"2026-03-15T22:48:59.942256Z","published":"2023-12-21T20:15:08.260Z","related":["ALSA-2024:1607","ALSA-2024:2394","SUSE-SU-2024:0115-1","SUSE-SU-2024:0129-1","SUSE-SU-2024:0141-1","SUSE-SU-2024:0156-1","SUSE-SU-2024:0160-1","SUSE-SU-2024:1677-1","SUSE-SU-2024:1679-1","SUSE-SU-2024:1680-1","SUSE-SU-2024:1682-1","SUSE-SU-2024:1685-1","SUSE-SU-2024:1686-1","SUSE-SU-2024:1692-1","SUSE-SU-2024:1694-1","SUSE-SU-2024:1695-1","SUSE-SU-2024:1696-1","SUSE-SU-2024:1705-1","SUSE-SU-2024:1706-1","SUSE-SU-2024:1707-1","SUSE-SU-2024:1708-1","SUSE-SU-2024:1709-1","SUSE-SU-2024:1711-1","SUSE-SU-2024:1712-1","SUSE-SU-2024:1713-1","SUSE-SU-2024:1719-1","SUSE-SU-2024:1720-1","SUSE-SU-2024:1723-1","SUSE-SU-2024:1726-1","SUSE-SU-2024:1729-1","SUSE-SU-2024:1731-1","SUSE-SU-2024:1732-1","SUSE-SU-2024:1735-1","SUSE-SU-2024:1736-1","SUSE-SU-2024:1739-1","SUSE-SU-2024:1740-1","SUSE-SU-2024:1742-1","SUSE-SU-2024:1746-1","SUSE-SU-2024:1748-1","SUSE-SU-2024:1749-1","SUSE-SU-2024:1751-1","SUSE-SU-2024:1753-1","SUSE-SU-2024:1757-1","SUSE-SU-2024:1759-1","SUSE-SU-2024:2092-1","SUSE-SU-2024:2100-1","SUSE-SU-2024:2120-1","SUSE-SU-2024:2130-1","SUSE-SU-2024:2148-1","SUSE-SU-2024:2162-1","SUSE-SU-2024:2163-1","SUSE-SU-2024:2207-1","SUSE-SU-2024:2208-1","SUSE-SU-2024:2337-1","SUSE-SU-2024:2343-1","SUSE-SU-2024:2373-1","SUSE-SU-2024:2382-1","SUSE-SU-2024:2446-1","SUSE-SU-2024:2447-1","SUSE-SU-2024:2472-1","SUSE-SU-2024:2558-1","SUSE-SU-2024:2722-1","SUSE-SU-2024:2740-1","SUSE-SU-2024:2751-1","SUSE-SU-2024:2755-1","SUSE-SU-2024:2821-1","SUSE-SU-2024:2824-1","SUSE-SU-2024:2840-1","SUSE-SU-2024:2850-1","SUSE-SU-2024:2851-1","SUSE-SU-2024:3034-1","SUSE-SU-2024:3037-1","SUSE-SU-2024:3043-1","SUSE-SU-2024:3318-1","SUSE-SU-2024:3347-1","SUSE-SU-2024:3368-1","SUSE-SU-2024:3379-1","SUSE-SU-2024:3399-1","SUSE-SU-2024:3623-1","SUSE-SU-2024:3631-1","SUSE-SU-2024:3642-1","SUSE-SU-2024:3651-1","SUSE-SU-2024:3662-1","SUSE-SU-2024:3694-1","SUSE-SU-2024:3695-1","SUSE-SU-2024:3697-1","SUSE-SU-2024:3793-1","SUSE-SU-2024:3798-1","SUSE-SU-2024:3803-1","SUSE-SU-2024:3815-1","SUSE-SU-2024:3820-1","SUSE-SU-2024:3829-1","SUSE-SU-2024:3837-1","SUSE-SU-2024:3842-1","SUSE-SU-2024:3852-1","SUSE-SU-2024:4122-1","SUSE-SU-2024:4123-1","SUSE-SU-2024:4214-1","SUSE-SU-2024:4218-1","SUSE-SU-2024:4226-1","SUSE-SU-2024:4234-1","SUSE-SU-2024:4242-1","SUSE-SU-2024:4256-1","SUSE-SU-2024:4266-1","SUSE-SU-2025:0101-1","SUSE-SU-2025:0103-1","SUSE-SU-2025:0107-1","SUSE-SU-2025:0109-1","SUSE-SU-2025:0115-1","SUSE-SU-2025:0158-1","SUSE-SU-2025:0244-1","SUSE-SU-2025:0251-1","SUSE-SU-2025:0252-1","SUSE-SU-2025:0261-1","SUSE-SU-2025:0266-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/10/21"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/16/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/17/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/11/9"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/12/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/12/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/11/7"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/10/18"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1612"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:4729"},{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1607"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1614"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-6546"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0937"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1253"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2621"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:4577"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1018"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1019"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1055"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1250"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2394"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0930"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2093"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:4970"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1306"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2697"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:4731"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255498"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5-rc5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5-rc6"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6546.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}