Unauthenticated Attacker Could Execute Arbitrary Code via ICMPv6 Router Advertisement Packet
CVE-2023-6200

7.5HIGH

Key Information:

Vendor: Red Hat
Status: kernel; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 28 January 2024

Summary

A race condition has been identified in the Linux Kernel, which can be exploited under specific conditions. An unauthenticated attacker situated within an adjacent network may exploit this vulnerability by sending crafted ICMPv6 router advertisement packets. If successful, this attack could lead to arbitrary code execution, potentially compromising the integrity and security of the affected systems.

Affected Version(s)

kernel 6.7-rc7

References

https://access.redhat.com/security/cve/CVE-2023-6200

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2250377

issue-trackingx_refsource_REDHAT

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2024
Vulnerability Reserved
Nov 20, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Lucas Leong (Trend Micro Zero Day Initiative) for reporting this issue.