An exploit has been openly discovered, which uses an unknown vulnerability in the N_GSM driver, a part of the Linux kernel. This exploit allows an unauthorized local user to execute code at the kernel level and escalate their privileges in the system. A CVE identifier has not been assigned yet, and the issue remains unresolved.
The N_GSM driver implements the GSM 07.10 protocol used in GSM modems for multiplexing channels to a sequential port. The vulnerability stems from a race condition in the IOctL GSMIOC_SetConf_DLCI function used to update DLCI configurations. By manipulating the iOctl, an attacker can trigger a use-after-free memory corruption.
The exploit can target systems running Linux kernels from versions 5.15 to 6.5. Successful privilege escalation has been demonstrated in Fedora, Ubuntu 22.04 with a 6.5 kernel, and Debian 12 with a 6.1 kernel. Starting from kernel version 6.6, the cap_net_admin access rights are required to execute the exploit. As a workaround to mitigate the vulnerability, users can prevent the automatic loading of the nrm kernel module by blacklisting “n_gsm” in the /etc/modprobe.d/blacklist.conf file.
It is worth noting that in January, information was disclosed about another vulnerability (CVE-2023-6546) in the N_GSM driver, exploited by Exflict. This separate vulnerability, fixed in August of the previous year (included in kernel 6.5), also involves memory corruption after the release when interacting with the GSM_DLCI structure, but in a different IOctL processor (GSMIOC_SETCONF).