CVE-2023-6200

Linux Kernel 6.7-rc7 - Red Hat

Publication date: 28/01/2024

Remote code execution - Kernel - RedHat

A race condition was found in the Linux kernel. An attacker on the local network, or on the same network as the vulnerable system, could send a malicious ICMPv6 router advertisement packet, causing arbitrary code execution.

The parameter net.ipv6.conf.[NIC].accept_ra must be enabled.
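
A defender's check for the precondition above, as an added example that is not part of the original advisory: it lists the interfaces on which the kernel currently accepts router advertisements, following the kernel's documented accept_ra semantics. The function name `ra_exposed_ifaces` and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list interfaces that currently accept IPv6 router
# advertisements (RAs), the precondition named in the advisory text.
# Kernel semantics of accept_ra (Documentation/networking/ip-sysctl):
#   0 = never accept RAs
#   1 = accept RAs only while forwarding is disabled on the interface
#   2 = accept RAs even when forwarding is enabled

# ra_exposed_ifaces [CONF_DIR]
# Prints "iface accept_ra=N forwarding=M" for each interface accepting RAs.
# CONF_DIR defaults to the live sysctl tree; the argument exists so the
# function can be pointed at a copy (hypothetical helper, not a system tool).
ra_exposed_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv6/conf}
    for dir in "$conf_dir"/*/; do
        [ -r "${dir}accept_ra" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are not network interfaces
        case $iface in all|default) continue ;; esac
        ra=$(cat "${dir}accept_ra")
        fwd=$(cat "${dir}forwarding" 2>/dev/null || echo 0)
        off=$(cat "${dir}disable_ipv6" 2>/dev/null || echo 0)
        # IPv6 switched off on this interface: RAs are not processed
        [ "$off" = 1 ] && continue
        if [ "$fwd" != 0 ]; then
            # Forwarding on: only the override value 2 accepts RAs
            [ "$ra" = 2 ] || continue
        else
            # Forwarding off: any non-zero value accepts RAs
            [ "$ra" != 0 ] || continue
        fi
        echo "$iface accept_ra=$ra forwarding=$fwd"
    done
}

# Run against the live system (or a directory given as first argument)
ra_exposed_ifaces "$@"
```

An empty result means no interface currently processes router advertisements; any listed interface meets the precondition and should be checked against the vendor's fixed kernel versions.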

{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0",
    "cveMetadata": {
        "cveId": "CVE-2023-6200",
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "state": "PUBLISHED",
        "assignerShortName": "redhat",
        "dateReserved": "2023-11-20T09:44:39.245Z",
        "datePublished": "2024-01-28T12:19:24.885Z",
        "dateUpdated": "2024-02-02T15:44:56.695Z"
    },

Score: CVSS v3.x: 7.5

"cvssV3_1": {
    "attackComplexity": "HIGH",
    "attackVector": "ADJACENT_NETWORK",
    "availabilityImpact": "HIGH",
    "baseScore": 7.5,
    "baseSeverity": "HIGH",
    "confidentialityImpact": "HIGH",
    "integrityImpact": "HIGH",
    "privilegesRequired": "NONE",
    "scope": "UNCHANGED",
    "userInteraction": "NONE",
    "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "version": "3.1"
}
