{"vulnerability": "CVE-2023-6546", "sightings": [{"uuid": "8da5a10a-b17d-483c-aa94-995ba9b989bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "seen", "source": "MISP/d61e7a73-8702-448b-b48c-af318f127dcb", "content": "", "creation_timestamp": "2024-04-11T15:06:45.000000Z"}, {"uuid": "026aa8f0-7ef6-4866-9bfb-3ec2f18a3f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1893", "content": "https://github.com/Nassim-Asrir/ZDI-24-020\n\nLinux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)\n#github #tools #\u63d0\u6743", "creation_timestamp": "2024-01-23T04:34:33.000000Z"}, {"uuid": "8b2e7ea3-c182-4696-ad91-ab14702c9179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "published-proof-of-concept", "source": "https://t.me/orderofsixangles/2135", "content": "Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)\n\nhttps://github.com/Nassim-Asrir/ZDI-24-020/", "creation_timestamp": "2024-01-25T03:32:15.000000Z"}, {"uuid": "19487b30-9381-4a79-893d-3ab2be584a4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1970", 
"content": "CVE-2023-6546 - GSM Multiplexing Race Condition\n*\nAn exploit intended for Ubuntu 18.04+20.04 LTS/Centos 8/RHEL 8 that allows obtaining root privileges by executing arbitrary kernel code on SMP systems.\n*\nexploit\n\n#linux #lpe", "creation_timestamp": "2024-03-28T21:34:07.000000Z"}, {"uuid": "c436d3ca-866b-4ce2-91e9-61bbee49975d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "seen", "source": "https://t.me/ctinow/168049", "content": "https://ift.tt/d7jNmLt\nCVE-2023-6546 | Linux Kernel up to 6.5-rc6 GSM 0710 TTY Multiplexor drivers/tty/n_gsm.c gsm_error use after free", "creation_timestamp": "2024-01-14T15:12:08.000000Z"}, {"uuid": "ba460925-d529-47dd-b966-2906520e35a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "seen", "source": "https://t.me/ctinow/157959", "content": "https://ift.tt/fzEMBeF\nCVE-2023-6546", "creation_timestamp": "2023-12-21T21:21:57.000000Z"}, {"uuid": "c3b10373-994c-4c82-b3f9-8f5f40abed51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ljitwsmhdd2d", "content": "", "creation_timestamp": "2025-03-03T21:02:36.889812Z"}, {"uuid": "e42c834b-9a9c-45c8-a091-8a06f745a4d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "published-proof-of-concept", 
"source": "https://t.me/linkersec/239", "content": "Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)\n\nAn article by Nassim Asrir about exploiting a race condition that leads to a kmalloc-1k use-after-free in the n_gsm TTY line discipline module.\n\nIn the exploit, the researcher overwrote the freed object, gained an arbitrary function call with a controlled argument primitive, and escalated privileges by spawning a userspace process via run_cmd.\n\nThe exploit bypasses KASLR by leaking the kernel address from world-readable /sys/kernel/notes. This is a separate vulnerability that still affects up-to-date kernels that enable CONFIG_XEN_PV.\n\nTo bypass SMAP, the author used a novel technique of filling the kernfs_pr_cont_buf global variable with controlled data from userspace. The data is supplied as the path to a cgroup filter created via iptables, whose use requires unprivileged user namespaces.\n\nThe repository with the exploit also contains a set of scripts for automatically extracting symbol offsets for Ubuntu, CentOS, and RHEL kernels.", "creation_timestamp": "2024-01-22T19:10:41.000000Z"}, {"uuid": "4234a971-4a65-412a-b052-e2af889c1bf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "seen", "source": "https://t.me/arpsyndicate/4917", "content": "#ExploitObserverAlert\n\nCVE-2023-6546\n\nDESCRIPTION: Exploit Observer has 199 entries in 9 file formats related to CVE-2023-6546. A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. 
This could allow a local unprivileged user to escalate their privileges on the system.\n\nFIRST-EPSS: 0.000880000\nNVD-IS: 5.9\nNVD-ES: 1.0\nARPS-PRIORITY: 0.9632912", "creation_timestamp": "2024-05-02T23:22:12.000000Z"}, {"uuid": "e0c0ba72-03f4-4070-a35c-5a518aaf140d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9835", "content": "#exploit\n1. CVE-2023-46316:\nTraceroute Privilege Escalation\nhttps://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html\n\n2. CVE-2023-6546:\nLinux Kernel GSM Multiplexing Race Condition LPE Vulnerability\nhttps://github.com/Nassim-Asrir/ZDI-24-020\n]-> scripts for automatically extracting symbol offsets for Ubuntu/CentOS/RHEL kernels:\nhttps://github.com/Nassim-Asrir/ZDI-24-020/tree/main/symbols", "creation_timestamp": "2025-04-24T03:08:34.000000Z"}, {"uuid": "550ef3d2-c208-45e3-a698-222c4c979eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6546", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2557", "content": "#exploit\n1. CVE-2023-46316:\nTraceroute Privilege Escalation\nhttps://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html\n\n2. CVE-2023-6546:\nLinux Kernel GSM Multiplexing Race Condition LPE Vulnerability\nhttps://github.com/Nassim-Asrir/ZDI-24-020\n]-> scripts for automatically extracting symbol offsets for Ubuntu/CentOS/RHEL kernels:\nhttps://github.com/Nassim-Asrir/ZDI-24-020/tree/main/symbols", "creation_timestamp": "2024-08-16T09:02:40.000000Z"}]}