CVE-2023-6546: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the GSM 0710 tty multiplexor in the Linux kernel (CVE-2023-6546). The vulnerability occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, which can lead to a use-after-free problem on a struct gsmdlci while restarting the gsm mux (NVD, Red Hat).

The vulnerability is caused by a race condition in gsmcleanupmux() function. The race occurs when one thread accesses dlci = gsm->dlci[0] before taking the mutex lock while another thread has already acquired the lock and released the dlci, leading to a use-after-free condition. The issue was fixed by ensuring proper mutex locking before accessing the dlci structure. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) (ZDI Advisory, Linux Commit).

This vulnerability allows a local unprivileged user to escalate their privileges to root level on affected systems, potentially gaining complete control over the system. The successful exploitation could lead to arbitrary code execution in the context of the kernel (ZDI Advisory).

Several mitigations are available: 1) Disable CONFIGNGSM at kernel build time, 2) Unload and blacklist the ngsm module using 'rmmod ngsm' and adding 'blacklist ngsm' to /etc/modprobe.d/blacklist.conf, 3) Disable auto-loading of tty line discipline modules by setting 'sysctl dev.tty.ldiscautoload = 0', 4) Apply the available kernel patches that fix this vulnerability (OSS Security).

The vulnerability was initially reported by security researchers and has been actively discussed in the security community. Greg Kroah-Hartman, a prominent Linux kernel maintainer, recommended that users disable the GSM module if not specifically needed, as it is specialized hardware that most users don't require (OSS Security).