PatchSiren cyber security CVE debrief
CVE-2023-6932 Siemens CVE debrief
CVE-2023-6932 is a Linux kernel use-after-free in the ipv4: igmp path. NVD rates it High (CVSS 7.8) and the published description ties it to local privilege escalation, so systems running affected kernel releases should be treated as priority patch targets.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Operators of the Siemens RUGGEDCOM RST2428P named above, Linux kernel maintainers, distro security teams, embedded/appliance vendors, and administrators of hosts running affected Linux kernel versions should care most. The risk is greatest anywhere local users can obtain a shell or run untrusted workloads, including container hosts, since a container workload is a local user of the host kernel.
Technical summary
The issue is described as a race condition in which a timer may be registered on an RCU-read-locked object that another thread frees, creating a use-after-free in the kernel's ipv4: igmp component (the IGMP code that manages IPv4 multicast group membership). In general terms, an RCU read-side critical section only defers freeing until the section ends and takes no reference of its own; a timer armed inside it outlives the section, so if another thread has meanwhile dropped the last reference, the timer callback runs against freed memory. NVD maps the weakness to CWE-416 and assigns CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: a local attack requiring low privileges and no user interaction, with full confidentiality, integrity, and availability impact. The NVD record marks each stable series as affected up to, but not including, 4.14.332, 4.19.301, 5.4.263, 5.10.203, 5.15.142, 6.1.66, and 6.6.5, and also includes Debian Linux 10.0 in its CPE criteria. The referenced remediation is to upgrade past kernel commit e2b706c691905fe78468c361aaabc719d0a496f1.
Defensive priority
High. This is a kernel memory-safety bug with local privilege-escalation potential, so patching should be prioritized on any system exposed to untrusted local users, multi-tenant workloads, or interactive shells.
Recommended defensive actions
- Upgrade to a kernel build that includes commit e2b706c691905fe78468c361aaabc719d0a496f1 or later.
- Compare deployed kernel versions against the NVD affected ranges and vendor backports, especially if you run Linux kernel releases earlier than the listed fixed versions.
- Apply downstream vendor advisories or distro backports before assuming a version number alone is safe.
- Prioritize remediation on systems where local user access is possible, on container hosts (containers share the host kernel, so a container workload is a local user of that kernel), and in VM guest kernels that run untrusted workloads.
- Verify patch deployment by checking the running kernel build and package changelog after reboot.
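As an added example for the version-comparison and changelog steps above (not part of the Siemens advisory or the NVD record), the following POSIX shell function classifies a kernel version string against the fixed versions quoted in the technical summary. The fixed-version list is copied from this page; the function names, the four status labels, and the rule that treats an "x.y.0" version with a distro suffix (such as 5.15.0-91-generic) as needing a changelog check are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or NVD): classify a Linux kernel version
# against the CVE-2023-6932 fixed versions listed in the NVD record.
# The fixed-version list is copied from the debrief; everything else
# (function names, status labels, suffix handling) is this example's assumption.

FIXED_VERSIONS="4.14.332 4.19.301 5.4.263 5.10.203 5.15.142 6.1.66 6.6.5"

# cve_2023_6932_status VERSION
# Prints exactly one word:
#   fixed            version is at or past the fix for its stable series
#   vulnerable       version is in an affected range of a listed series
#   distro-versioned x.y.0 plus a suffix (e.g. 5.15.0-91-generic); the
#                    distro backports fixes, so the number alone says nothing
#   unknown-series   major.minor is not in the NVD fixed-version list
cve_2023_6932_status() {
    ver=$1
    base=${ver%%[-+]*}                  # "6.6.4-arch1" -> "6.6.4"
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # no third field ("6.6")
    patch=${patch%%[!0-9]*}             # keep leading digits only
    patch=${patch:-0}

    for fixed in $FIXED_VERSIONS; do
        fmajor=${fixed%%.*}
        frest=${fixed#*.}
        fminor=${frest%%.*}
        fpatch=${frest#*.}
        [ "$fmajor.$fminor" = "$major.$minor" ] || continue
        if [ "$patch" -eq 0 ] && [ "$base" != "$ver" ]; then
            echo distro-versioned
        elif [ "$patch" -ge "$fpatch" ]; then
            echo fixed
        else
            echo vulnerable
        fi
        return 0
    done
    echo unknown-series
}

# kernel_is_fixed VERSION: succeeds only for a version at or past the fix.
kernel_is_fixed() {
    [ "$(cve_2023_6932_status "$1")" = fixed ]
}

# Report on the version given as $1, or on the running kernel.
kernel_to_check=${1:-$(uname -r 2>/dev/null || echo unknown)}
printf '%s: %s\n' "$kernel_to_check" "$(cve_2023_6932_status "$kernel_to_check")"
```

A result of distro-versioned or unknown-series is not a clean bill of health: for those, search the distribution's package changelog for the commit hash or the CVE identifier before marking the host remediated, as the action items above recommend.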
Evidence notes
The source corpus anchors the CVE on its 2023-12-19 NVD publication and 2026-05-12 NVD modification; the 2024-04-09 and 2026-05-14 dates in the header coincide with the Siemens advisory's own publication and update dates. The supplied NVD data describes the flaw as a Linux kernel ipv4: igmp use-after-free in which a timer is registered on an RCU-read-locked object that another thread has freed, maps it to CWE-416, and provides the affected CPE ranges. The referenced kernel commit and Debian LTS notices are included in the source set; no KEV entry was supplied.
Official resources
- CVE-2023-6932 CVE record (CVE.org)
- CVE-2023-6932 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Seven further source references, including the kernel commit and Debian LTS notices named in the evidence notes
CVE published 2023-12-19T14:15:08.460Z; NVD modified 2026-05-12T11:16:18.860Z. No Known Exploited Vulnerabilities entry was supplied in the source corpus.