CVE-2023-6546: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the GSM 0710 tty multiplexor in the Linux kernel (CVE-2023-6546). The vulnerability occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, which can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux (NVD, Red Hat).

The vulnerability is caused by a race condition in gsm_cleanup_mux() function. The race occurs when one thread accesses dlci = gsm->dlci[0] before taking the mutex lock while another thread has already acquired the lock and released the dlci, leading to a use-after-free condition. The issue was fixed by ensuring proper mutex locking before accessing the dlci structure. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) (ZDI Advisory, Linux Commit).

This vulnerability allows a local unprivileged user to escalate their privileges to root level on affected systems, potentially gaining complete control over the system. The successful exploitation could lead to arbitrary code execution in the context of the kernel (ZDI Advisory).

Several mitigations are available: 1) Disable CONFIG_N_GSM at kernel build time, 2) Unload and blacklist the n_gsm module using 'rmmod n_gsm' and adding 'blacklist n_gsm' to /etc/modprobe.d/blacklist.conf, 3) Disable auto-loading of tty line discipline modules by setting 'sysctl dev.tty.ldisc_autoload = 0', 4) Apply the available kernel patches that fix this vulnerability (OSS Security).

The vulnerability was initially reported by security researchers and has been actively discussed in the security community. Greg Kroah-Hartman, a prominent Linux kernel maintainer, recommended that users disable the GSM module if not specifically needed, as it is specialized hardware that most users don't require (OSS Security).