CVE-2023-6531

7.0 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's Unix domain socket (AF_UNIX) garbage collector allows a local, unprivileged attacker to escalate privileges or crash the system. The bug is a race: the garbage collector can free a socket buffer (skb) queued on a Unix stream socket while a concurrent read on that same socket is still using it, so the reader touches freed memory. Any Linux system with Unix domain sockets enabled (effectively all of them) is affected until the kernel is patched.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions vary by distribution; generally Linux kernel versions before fixes in early 2024
Operating Systems: Linux distributions including RHEL, CentOS, Ubuntu, Debian, SUSE
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Unix domain sockets, which are compiled in and used by practically every distribution (systemd, D-Bus and most local daemons depend on them), so there is no configuration switch that removes the exposure. Systems where no untrusted user or service runs code locally are harder to reach, but a compromised service or a container is a local attacker from the kernel's point of view; containers share the host kernel, so the host must be patched.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context.

🟠

Likely Case

Local denial of service through kernel panic or system instability, with privilege escalation requiring additional exploitation techniques.

🟢

If Mitigated

Limited impact where local accounts are tightly controlled and untrusted services are confined by SELinux or AppArmor, since the attacker first needs to run code locally. None of this removes the bug; only the kernel update does.

🌐 Internet-Facing: LOW - Requires local access to the system, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or compromised services could exploit this for privilege escalation or DoS attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local code execution and winning a race between the garbage collector and a concurrent read, which is why complexity is rated medium: a lost race tends to corrupt memory and crash the machine rather than escalate. Proof-of-concept code is publicly available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by distribution - check vendor advisories (e.g., kernel 6.6.13+, RHEL kernel-5.14.0-427.18.1.el9_4)

Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:2394

Restart Required: Yes

Instructions:

1. Check your distribution's security advisory for the fixed kernel package version.
2. Update the kernel package via the package manager.
3. Reboot to load the new kernel; the fix is not active until the patched kernel is the one running.

🔧 Temporary Workarounds

Restrict local user access

Exploitation needs code running locally as any user, so every unnecessary shell account, and every service that runs untrusted input or code, is attack surface. Limit the number of local accounts, enforce strict access controls, and treat containers as local users of the host kernel.

Enable kernel security modules

SELinux or AppArmor can confine what a compromised service is able to do before it reaches the kernel bug, but neither fixes the bug itself: a successful kernel exploit runs with full kernel privilege and can simply switch LSM enforcement off. Note that setenforce 1 only changes the running state; to stay enforcing across reboots set SELINUX=enforcing in /etc/selinux/config. On AppArmor systems, enabling the unit is not enough on its own, the service also has to be started.

setenforce 1
systemctl enable --now apparmor

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Use security modules (SELinux/AppArmor) with restrictive policies

🔍 How to Verify

Check if Vulnerable:

Compare the running kernel release (uname -r) with the fixed release named in your distribution's advisory. On distributions that backport fixes (RHEL, SUSE, Debian) compare the distribution's package release (the part after the dash, e.g. -427.18.1.el9_4), not the upstream major.minor.patch, which stays the same across many fixed builds and says nothing about whether this fix is present.

Check Version:

uname -r

Verify Fix Applied:

After rebooting, confirm that uname -r reports the patched release from the vendor advisory. Until the reboot, the package manager shows the new kernel as installed while uname -r still reports the old, vulnerable one; it is the running kernel that matters. Containers report the host kernel, so verify on the host.
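The comparison described under How to Verify, as an added example script that is not from the page or from any vendor advisory. It reduces a uname -r string to its comparable core (dropping suffixes such as .el9_4.x86_64 or -generic) and orders it against a threshold with sort -V. The threshold values in the sample invocations are placeholders, not the real fixed releases; those must come from your distribution's advisory and, for backporting distributions, must be compared as package releases from the same distribution, never as upstream versions.

```shell
#!/bin/sh
# Added example (not from the advisory page or any vendor): decide whether the
# running kernel is at or past the advisory's fixed release.
# Assumption: the minimum versions passed in the calls below are placeholders;
# the real values come from your distribution's advisory for this CVE.

# Reduce a `uname -r` string to its version core: upstream version plus the
# distro build number when present, e.g.
#   5.14.0-427.18.1.el9_4.x86_64 -> 5.14.0-427.18.1
#   6.5.0-14-generic             -> 6.5.0-14
#   6.6.8-arch1-1                -> 6.6.8
kernel_version_core() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*(-[0-9]+(\.[0-9]+)*)?).*/\1/'
}

# True (exit 0) when $1 >= $2 under natural version ordering (GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Compare a running kernel release ($1) with the advisory's minimum fixed
# release ($2) and print "patched" or "vulnerable".
# Caveat: on distributions that backport fixes (RHEL, SUSE, Debian) the
# upstream major.minor.patch is meaningless on its own; $2 must be that
# distribution's own package release and both strings must come from the
# same distribution.
kernel_status() {
    running=$(kernel_version_core "$1")
    minimum=$(kernel_version_core "$2")
    if version_ge "$running" "$minimum"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Usage: set the threshold from the advisory and run against the live kernel,
# e.g.  ADVISORY_MIN_KERNEL=6.6.13 sh check_kernel.sh   (placeholder value).
if [ -n "${ADVISORY_MIN_KERNEL:-}" ]; then
    kernel_status "$(uname -r)" "$ADVISORY_MIN_KERNEL"
fi
```

The script deliberately tests the running kernel rather than the installed package: rpm -q kernel (RHEL family) or dpkg -l 'linux-image*' (Debian/Ubuntu) will list a fixed kernel as installed immediately after the update, but the system stays vulnerable until that kernel is the one uname -r reports.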

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic or Oops messages, in particular ones whose call trace contains af_unix (net/unix) symbols
  • Unexpected OOM killer activity or other signs of kernel memory corruption
  • Unexpected process crashes

These indicators point at failed or clumsy exploitation: a lost race corrupts memory and usually brings the machine down. A successful privilege escalation leaves no Oops behind, so pair log monitoring with the patch-state checks above.

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault" OR "BUG:")

Adjust the source field to however your SIEM names the kernel log; the search terms are the strings the kernel itself prints on a crash.
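A triage script over the indicators listed above, added here as an example and not taken from the page or from any vendor tooling. The log lines in SAMPLE_KLOG are constructed (addresses, offsets and timestamps are made up); the two symbol names they carry, unix_stream_read_generic and unix_gc, are the kernel's AF_UNIX stream-read and garbage-collector functions, i.e. the two sides of the race this CVE describes. The script counts crash indicators in kernel-facility lines and separately counts trace frames that land in af_unix code.

```shell
#!/bin/sh
# Added example, not part of the advisory page: triage kernel log lines for
# the generic crash indicators above and flag those whose backtrace lands in
# the af_unix code paths. SAMPLE_KLOG is constructed for the example in the
# format `journalctl -k` prints; nothing in it is a real capture.

SAMPLE_KLOG='Jan 10 03:12:44 host kernel: BUG: unable to handle page fault for address: ffff8881234abcd0
Jan 10 03:12:44 host kernel: Oops: 0000 [#1] PREEMPT SMP NOPTI
Jan 10 03:12:44 host kernel: RIP: 0010:unix_stream_read_generic+0x1a2/0x9b0
Jan 10 03:12:44 host kernel: Call Trace:
Jan 10 03:12:44 host kernel:  unix_gc+0x2f5/0x4c0
Jan 10 03:12:45 host kernel: Kernel panic - not syncing: Fatal exception
Jan 10 03:13:01 host systemd[1]: Started Daily apt download activities.
Jan 10 03:14:02 host kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd'

# Kernel lines carrying one of the page's crash indicators. Only the
# "kernel:" facility is considered, so user-space noise never matches.
kernel_crash_lines() {
    grep -E 'kernel: .*(BUG: |Oops: |general protection fault|Kernel panic|KASAN: )'
}

# Kernel lines whose instruction pointer or call trace is inside an af_unix
# function. Traces print symbols as name+0xoffset/0xsize; requiring that
# shape avoids matching the word "unix" in unrelated messages.
af_unix_frames() {
    grep -E 'kernel: .*[: ]unix_[a-z_]+\+0x[0-9a-f]+/0x[0-9a-f]+'
}

# Read a log on stdin and summarise: how many crash indicators, and how many
# frames point at af_unix. Both non-zero in one incident window is worth a
# closer look, although a successful exploit leaves no oops at all.
triage_kernel_log() {
    log=$(cat)
    crash=$(printf '%s\n' "$log" | kernel_crash_lines | wc -l | tr -d ' ')
    afunix=$(printf '%s\n' "$log" | af_unix_frames | wc -l | tr -d ' ')
    printf 'crash=%s af_unix=%s\n' "$crash" "$afunix"
}

# Run on the constructed sample; on a live host use:  journalctl -k | triage_kernel_log
printf '%s\n' "$SAMPLE_KLOG" | triage_kernel_log
```

On the sample this reports crash=3 af_unix=2: the BUG, Oops and panic lines are counted, the systemd and USB lines are ignored, and the two frames inside af_unix are singled out so the event can be routed to whoever tracks this CVE rather than treated as a generic crash.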
