CVE-2023-6200: 
CBL Mariner vulnerability analysis and mitigation

CVE-2023-6200 is a race condition vulnerability discovered in the Linux Kernel. The vulnerability was disclosed on January 28, 2024, and affects Linux Kernel versions up to (excluding) 6.7. Under specific conditions, an unauthenticated attacker from an adjacent network could exploit this vulnerability by sending an ICMPv6 router advertisement packet (NVD, Ubuntu).

The vulnerability stems from a race condition in the Linux Kernel's handling of ICMPv6 router advertisement packets. When the kernel receives such a packet, the ndisc_router_discovery() function is called. If the packet contains route information option with lifetime, fib6_set_expires() is used and linked into the gc_link. The race condition occurs in ndisc_router_discovery when fib6_clean_expires() is used for unlinking expired entries, potentially leading to a Use-After-Free (UAF) condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (Red Hat Bugzilla).

If successfully exploited, this vulnerability could lead to arbitrary code execution on the target system. The attack requires the attacker to be on an adjacent network, but no authentication is needed to execute the attack. The high CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability (NVD).

The vulnerability has been fixed in Linux Kernel version 6.7-rc7 through a patch that reverts commit 3dec89b14d37. The fix addresses the race conditions in how expires is managed on a fib6_info in relation to gc start, adding the entry to the gc list, and setting the timer value (Kernel Commit).