CVE-2023-6200 in Linuxinfo

Summary

by MITRE • 01/28/2024

A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 06/06/2025

The vulnerability identified as CVE-2023-6200 represents a critical race condition within the Linux kernel's handling of ICMPv6 router advertisement packets. This flaw exists in the kernel's network stack implementation where concurrent access to shared data structures during packet processing creates opportunities for malicious exploitation. The vulnerability specifically affects systems that process ICMPv6 traffic and have IPv6 networking enabled, making it particularly concerning for network infrastructure devices, servers, and any system operating in environments where untrusted IPv6 traffic might be present.

The technical root cause of this vulnerability stems from improper synchronization mechanisms within the kernel's IPv6 routing table management code. When an ICMPv6 router advertisement packet is received, the kernel performs multiple operations on shared data structures without adequate locking mechanisms. An attacker can exploit this race condition by crafting and sending multiple malicious router advertisement packets in rapid succession, creating a timing window where the kernel's internal state becomes inconsistent. This inconsistency allows for memory corruption that can be leveraged to execute arbitrary code with kernel privileges, effectively compromising the entire system.

The operational impact of CVE-2023-6200 extends beyond simple privilege escalation as it provides an unauthenticated remote code execution vector that requires minimal attack surface. The vulnerability is particularly dangerous because it can be exploited from an adjacent network, meaning attackers do not require direct network access or sophisticated network positioning. Systems running Linux kernels version 5.19 and earlier are affected, though the exact version ranges may vary depending on specific kernel configurations and patches. The attack scenario involves an attacker sending carefully crafted ICMPv6 packets to a target system, potentially leading to complete system compromise, data exfiltration, or establishment of persistent backdoors.

Security mitigations for this vulnerability primarily focus on applying the latest kernel patches released by the Linux kernel community, as the official fix addresses the underlying race condition through proper locking mechanisms. Organizations should prioritize patching all affected systems, particularly network infrastructure devices, servers, and any systems with IPv6 enabled. Network segmentation and firewall rules can provide temporary protection by blocking ICMPv6 traffic from untrusted sources, though this approach is not foolproof as the vulnerability can be exploited through adjacent network access. System administrators should also implement monitoring for unusual ICMPv6 traffic patterns and consider disabling IPv6 if it is not required for operations. This vulnerability aligns with CWE-362, which describes race conditions in concurrent programming, and maps to ATT&CK technique T1059.007 for execution through kernel modules, highlighting the critical nature of kernel-level vulnerabilities in modern cybersecurity defenses.

Responsible

Red Hat, Inc.

Reservation

11/20/2023

Disclosure

01/28/2024

Moderation

accepted

CPE

ready

EPSS

0.02166

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!