PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-6932 Linux CVE debrief

CVE-2023-6932 is a Linux kernel use-after-free in the ipv4: igmp path. NVD rates it High (CVSS 7.8) and the published description ties it to local privilege escalation, so systems running affected kernel releases should be treated as priority patch targets.

Vendor: Linux
Product: CVE-2023-6932
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-12-19
Original CVE updated: 2026-05-12
Advisory published: 2023-12-19
Advisory updated: 2026-05-12

Who should care

Linux kernel maintainers, distro security teams, embedded/appliance vendors, and administrators of hosts running affected Linux kernel versions should care most. The risk is especially relevant anywhere local users can obtain a shell or run untrusted workloads.

Technical summary

The issue is described as a race condition in which a timer may be registered on an RCU-read-locked object that is freed by another thread, creating a use-after-free condition in the kernel's ipv4: igmp component. NVD maps the weakness to CWE-416 and assigns CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local attack requiring low privileges but with potential for full confidentiality, integrity, and availability impact. The NVD record lists affected Linux kernel ranges ending before 4.14.332, 4.19.301, 5.4.263, 5.10.203, 5.15.142, 6.1.66, and 6.6.5, and also includes Debian Linux 10.0 in its CPE criteria. The referenced remediation is to upgrade past kernel commit e2b706c691905fe78468c361aaabc719d0a496f1.

Defensive priority

High. This is a kernel memory-safety bug with local privilege-escalation potential, so patching should be prioritized on any system exposed to untrusted local users, multi-tenant workloads, or interactive shells.

Recommended defensive actions

  • Upgrade to a kernel build that includes commit e2b706c691905fe78468c361aaabc719d0a496f1 (or a later release that carries it).
  • Compare deployed kernel versions against the NVD affected ranges and vendor backports, especially if you run Linux kernel releases earlier than the listed fixed versions.
  • Apply downstream vendor advisories or distro backports before assuming a version number alone is safe.
  • Prioritize remediation on systems where local user access is possible or where containers/VM guests share the host kernel.
  • Verify patch deployment by checking the running kernel build and package changelog after reboot.
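The version-comparison and verification steps above can be scripted. The following POSIX shell script is an added example written for this debrief, not PatchSiren's tooling or any vendor's check: it normalises a kernel version string (such as the output of uname -r), finds the stable branch it belongs to, and compares it against the fixed releases quoted from the NVD record (4.14.332, 4.19.301, 5.4.263, 5.10.203, 5.15.142, 6.1.66, 6.6.5). The status names and the sample versions in the comments are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the PatchSiren debrief or any vendor tooling.
# Compares a kernel version string with the NVD fixed-version list for
# CVE-2023-6932 quoted in the debrief. A "below-fix" result only means the
# upstream version number predates the fixed release for its branch; a distro
# backport may still carry the fix, so confirm against the vendor advisory.

# Fixed stable releases from the NVD record, as quoted in the debrief.
CVE_2023_6932_FIXED="4.14.332 4.19.301 5.4.263 5.10.203 5.15.142 6.1.66 6.6.5"

# Normalise "5.10.203-1-amd64" or "6.6" to a numeric "X.Y.Z" triple.
normalize_version() {
    v=${1%%-*}        # drop the distro suffix after the first '-'
    v=${v%%+*}        # drop '+' build tags
    case "$v" in
        *.*.*) ;;
        *.*)   v="$v.0" ;;
        *)     v="$v.0.0" ;;
    esac
    printf '%s\n' "$v"
}

# version_ge A B: exit 0 if A >= B, comparing each numeric field in turn.
version_ge() {
    awk -v a="$(normalize_version "$1")" -v b="$(normalize_version "$2")" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# cve_2023_6932_status VERSION: prints one of
#   at-or-above-fix  - version is at or past the fixed release for its branch
#   below-fix        - version predates the fixed release (check vendor backports)
#   unknown-branch   - branch is not in the NVD list; consult NVD or the vendor
cve_2023_6932_status() {
    v=$(normalize_version "$1")
    branch=${v%.*}                       # "5.10.203" -> "5.10"
    for fixed in $CVE_2023_6932_FIXED; do
        if [ "${fixed%.*}" = "$branch" ]; then
            if version_ge "$v" "$fixed"; then
                echo "at-or-above-fix"
            else
                echo "below-fix"
            fi
            return 0
        fi
    done
    echo "unknown-branch"
}

# Report the running kernel. The exit status is deliberately left at zero so
# the script can be sourced by other tooling; consumers act on the printed word.
running=$(uname -r)
printf 'kernel %s: %s\n' "$running" "$(cve_2023_6932_status "$running")"
```

Run it after the reboot that activates the new kernel; a result of at-or-above-fix confirms the upstream version, while below-fix on a distribution kernel (for example a Debian 6.1.0-N build) is exactly the case the debrief warns about, where only the package changelog or vendor advisory can tell whether the backport is present.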

Evidence notes

Source corpus anchors the CVE on 2023-12-19 publication and 2026-05-12 modification in NVD. The supplied NVD data describes the flaw as a Linux kernel ipv4: igmp use-after-free involving a timer registered on an RCU-read-locked object freed by another thread, maps it to CWE-416, and provides the affected CPE ranges. The referenced kernel commit and Debian LTS notices are included in the source set; no KEV entry was supplied.

Official resources

CVE published 2023-12-19T14:15:08.460Z; NVD modified 2026-05-12T11:16:18.860Z. No Known Exploited Vulnerabilities entry was supplied in the source corpus.