CVE-2023-2006

7.0 HIGH

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's RxRPC network protocol, where improper locking during bundle processing could allow local attackers to escalate privileges and execute arbitrary code with kernel-level permissions. It affects Linux systems using RxRPC, primarily those with specific kernel versions. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before commit 3bcd6c7eaa53 (specific affected versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with RxRPC protocol enabled or in use. Many distributions may have this disabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local access could achieve full kernel privilege escalation, gaining root-level control over the system to install malware, exfiltrate data, or disrupt operations.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions for lateral movement or persistence within compromised environments.

🟢

If Mitigated

With proper access controls and network segmentation, impact is limited to the affected system rather than spreading across the network.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring existing access to the system.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this to escalate privileges on affected Linux systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and race condition timing, making it moderately complex but feasible for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions including commit 3bcd6c7eaa53

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2189112

Restart Required: Yes

Instructions:

1. Check your Linux distribution's security advisories.
2. Update kernel package using your package manager (yum update kernel, apt-get upgrade linux-image, etc.).
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable RxRPC module

linux

Prevent loading of the vulnerable RxRPC kernel module

echo 'install rxrpc /bin/false' >> /etc/modprobe.d/rxrpc.conf
rmmod rxrpc

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Disable RxRPC functionality if not required for system operation

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the RxRPC module is loaded: 'uname -r' and 'lsmod | grep rxrpc'

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version includes the fix commit and that the RxRPC module is either updated or disabled
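
The check below is an added example, not part of the original advisory: it combines the module check above with the modprobe workaround and reports whether rxrpc is loaded, blocked by an install override, or still loadable. The function names, the three status words and the list of modprobe.d directories are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether the rxrpc module is loaded, blocked or loadable.
# Function names and status words are illustrative, not from the advisory.

# True if "rxrpc" is the first field of a line in a /proc/modules-format file.
rxrpc_loaded() {
    [ -r "$1" ] || return 1
    awk '$1 == "rxrpc" { hit = 1 } END { exit !hit }' "$1"
}

# True if any *.conf in the given modprobe.d directories carries an active
# (uncommented) "install rxrpc /bin/false" or "install rxrpc /bin/true" line.
rxrpc_blocked() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            if awk '$1 == "install" && $2 == "rxrpc" &&
                    ($3 == "/bin/false" || $3 == "/bin/true") { hit = 1 }
                    END { exit !hit }' "$conf"; then
                return 0
            fi
        done
    done
    return 1
}

# Usage: rxrpc_status MODULES_FILE MODPROBE_DIR...
# A loaded module takes precedence over the config line: the override only
# stops future loads, so "loaded" still needs rmmod (or a reboot).
rxrpc_status() {
    modules_file=$1
    shift
    if rxrpc_loaded "$modules_file"; then
        echo loaded
    elif rxrpc_blocked "$@"; then
        echo blocked
    else
        echo loadable
    fi
}

# Live check against the running system (directory list is an assumption).
echo "rxrpc: $(rxrpc_status /proc/modules /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d)"
```

A result of "loadable" on an unpatched kernel means the workaround is not in place; "loaded" means the module must still be removed even if the config line exists.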

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected privilege escalation attempts in audit logs
  • Failed module loading attempts

Network Indicators:

  • Unusual RxRPC protocol traffic patterns

SIEM Query:

source="kernel" AND ("rxrpc" OR "privilege escalation")
