CVE-2023-45863: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in lib/kobject.c in the Linux kernel before version 6.2.3. The vulnerability (CVE-2023-45863) allows an attacker with root access to trigger a race condition that results in a fillkobjpath out-of-bounds write (NVD, Ubuntu).

The vulnerability occurs in the kobjectgetpath() function where if kobj->name is changed between calls to getkobjpathlength() and fillkobjpath() and the length becomes longer, then fillkobjpath() will have an out-of-bounds write. The issue manifests during ixgbe probe, specifically in ixgbemiibusinit(), when the length of netdev->dev.kobj.name becomes longer (Kernel Commit). The vulnerability has been assigned a CVSS v3.1 base score of 6.4 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker with root privileges to cause an out-of-bounds write, potentially leading to system crashes, memory corruption, or arbitrary code execution in kernel context (Ubuntu).

The vulnerability has been fixed in Linux kernel version 6.2.3. The fix involves modifying fillkobjpath() to check the path length and return failure if the name becomes too long, allowing for retry of the operation (Kernel Commit). Various Linux distributions have also released patches for their supported kernel versions (Debian LTS).