CVE-2023-54218 (GCVE-0-2023-54218)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:11 – Updated: 2025-12-30 12:11
VLAI?
Title
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
Summary
In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). KCSAN found a data race in sock_recv_cmsgs() where the read access to sk->sk_stamp needs READ_ONCE(). BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0: sock_write_timestamp include/net/sock.h:2670 [inline] sock_recv_cmsgs include/net/sock.h:2722 [inline] packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:1019 [inline] sock_recvmsg+0x11a/0x130 net/socket.c:1040 sock_read_iter+0x176/0x220 net/socket.c:1118 call_read_iter include/linux/fs.h:1845 [inline] new_sync_read fs/read_write.c:389 [inline] vfs_read+0x5e0/0x630 fs/read_write.c:470 ksys_read+0x163/0x1a0 fs/read_write.c:613 __do_sys_read fs/read_write.c:623 [inline] __se_sys_read fs/read_write.c:621 [inline] __x64_sys_read+0x41/0x50 fs/read_write.c:621 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1: sock_recv_cmsgs include/net/sock.h:2721 [inline] packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:1019 [inline] sock_recvmsg+0x11a/0x130 net/socket.c:1040 sock_read_iter+0x176/0x220 net/socket.c:1118 call_read_iter include/linux/fs.h:1845 [inline] new_sync_read fs/read_write.c:389 [inline] vfs_read+0x5e0/0x630 fs/read_write.c:470 ksys_read+0x163/0x1a0 fs/read_write.c:613 __do_sys_read fs/read_write.c:623 [inline] __se_sys_read fs/read_write.c:621 [inline] __x64_sys_read+0x41/0x50 fs/read_write.c:621 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc value changed: 0xffffffffc4653600 -> 0x0000000000000000 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 6c7c98bad4883a4a8710c96b2b44de482865eb6e , < fd28692fa182d25e8d26bc1db506648839fde245 (git)
Affected: 6c7c98bad4883a4a8710c96b2b44de482865eb6e , < 564c3150ad357d571a0de7d8b644aa1f7e6e21b7 (git)
Affected: 6c7c98bad4883a4a8710c96b2b44de482865eb6e , < d7343f8de019ebb55b2b6ef79b971f6ceb361a99 (git)
Affected: 6c7c98bad4883a4a8710c96b2b44de482865eb6e , < d06f67b2b8dcd00d995c468428b6bccebc5762d8 (git)
Affected: 6c7c98bad4883a4a8710c96b2b44de482865eb6e , < de260d1e02cde39d317066835ee6e5234fc9f5a8 (git)
Affected: 6c7c98bad4883a4a8710c96b2b44de482865eb6e , < 7145f2309d649ad6273b9f66448321b9b4c523c8 (git)
Affected: 6c7c98bad4883a4a8710c96b2b44de482865eb6e , < 8319220054e5ea5f506d8d4c4b5e234f668ffc3b (git)
Affected: 6c7c98bad4883a4a8710c96b2b44de482865eb6e , < dfd9248c071a3710c24365897459538551cb7167 (git)
Create a notification for this product.
    Linux Linux Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 4.14.316 , ≤ 4.14.* (semver)
Unaffected: 4.19.284 , ≤ 4.19.* (semver)
Unaffected: 5.4.244 , ≤ 5.4.* (semver)
Unaffected: 5.10.181 , ≤ 5.10.* (semver)
Unaffected: 5.15.113 , ≤ 5.15.* (semver)
Unaffected: 6.1.30 , ≤ 6.1.* (semver)
Unaffected: 6.3.4 , ≤ 6.3.* (semver)
Unaffected: 6.4 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/sock.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fd28692fa182d25e8d26bc1db506648839fde245",
              "status": "affected",
              "version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e",
              "versionType": "git"
            },
            {
              "lessThan": "564c3150ad357d571a0de7d8b644aa1f7e6e21b7",
              "status": "affected",
              "version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e",
              "versionType": "git"
            },
            {
              "lessThan": "d7343f8de019ebb55b2b6ef79b971f6ceb361a99",
              "status": "affected",
              "version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e",
              "versionType": "git"
            },
            {
              "lessThan": "d06f67b2b8dcd00d995c468428b6bccebc5762d8",
              "status": "affected",
              "version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e",
              "versionType": "git"
            },
            {
              "lessThan": "de260d1e02cde39d317066835ee6e5234fc9f5a8",
              "status": "affected",
              "version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e",
              "versionType": "git"
            },
            {
              "lessThan": "7145f2309d649ad6273b9f66448321b9b4c523c8",
              "status": "affected",
              "version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e",
              "versionType": "git"
            },
            {
              "lessThan": "8319220054e5ea5f506d8d4c4b5e234f668ffc3b",
              "status": "affected",
              "version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e",
              "versionType": "git"
            },
            {
              "lessThan": "dfd9248c071a3710c24365897459538551cb7167",
              "status": "affected",
              "version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/sock.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.244",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.316",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.284",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.244",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.181",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.113",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.30",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.4",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix load-tearing on sk-\u003esk_stamp in sock_recv_cmsgs().\n\nKCSAN found a data race in sock_recv_cmsgs() where the read access\nto sk-\u003esk_stamp needs READ_ONCE().\n\nBUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg\n\nwrite (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:\n sock_write_timestamp include/net/sock.h:2670 [inline]\n sock_recv_cmsgs include/net/sock.h:2722 [inline]\n packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:1019 [inline]\n sock_recvmsg+0x11a/0x130 net/socket.c:1040\n sock_read_iter+0x176/0x220 net/socket.c:1118\n call_read_iter include/linux/fs.h:1845 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x5e0/0x630 fs/read_write.c:470\n ksys_read+0x163/0x1a0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x41/0x50 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nread to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:\n sock_recv_cmsgs include/net/sock.h:2721 [inline]\n packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:1019 [inline]\n sock_recvmsg+0x11a/0x130 net/socket.c:1040\n sock_read_iter+0x176/0x220 net/socket.c:1118\n call_read_iter include/linux/fs.h:1845 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x5e0/0x630 fs/read_write.c:470\n ksys_read+0x163/0x1a0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x41/0x50 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nvalue changed: 0xffffffffc4653600 -\u003e 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:11:14.059Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245"
        },
        {
          "url": "https://git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99"
        },
        {
          "url": "https://git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167"
        }
      ],
      "title": "net: Fix load-tearing on sk-\u003esk_stamp in sock_recv_cmsgs().",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54218",
    "datePublished": "2025-12-30T12:11:14.059Z",
    "dateReserved": "2025-12-30T12:06:44.501Z",
    "dateUpdated": "2025-12-30T12:11:14.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54218\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:10.067\",\"lastModified\":\"2025-12-31T20:42:43.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: Fix load-tearing on sk-\u003esk_stamp in sock_recv_cmsgs().\\n\\nKCSAN found a data race in sock_recv_cmsgs() where the read access\\nto sk-\u003esk_stamp needs READ_ONCE().\\n\\nBUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg\\n\\nwrite (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:\\n sock_write_timestamp include/net/sock.h:2670 [inline]\\n sock_recv_cmsgs include/net/sock.h:2722 [inline]\\n packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489\\n sock_recvmsg_nosec net/socket.c:1019 [inline]\\n sock_recvmsg+0x11a/0x130 net/socket.c:1040\\n sock_read_iter+0x176/0x220 net/socket.c:1118\\n call_read_iter include/linux/fs.h:1845 [inline]\\n new_sync_read fs/read_write.c:389 [inline]\\n vfs_read+0x5e0/0x630 fs/read_write.c:470\\n ksys_read+0x163/0x1a0 fs/read_write.c:613\\n __do_sys_read fs/read_write.c:623 [inline]\\n __se_sys_read fs/read_write.c:621 [inline]\\n __x64_sys_read+0x41/0x50 fs/read_write.c:621\\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\\n\\nread to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:\\n sock_recv_cmsgs include/net/sock.h:2721 [inline]\\n packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489\\n sock_recvmsg_nosec net/socket.c:1019 [inline]\\n sock_recvmsg+0x11a/0x130 net/socket.c:1040\\n sock_read_iter+0x176/0x220 net/socket.c:1118\\n call_read_iter include/linux/fs.h:1845 [inline]\\n new_sync_read fs/read_write.c:389 [inline]\\n vfs_read+0x5e0/0x630 fs/read_write.c:470\\n ksys_read+0x163/0x1a0 fs/read_write.c:613\\n __do_sys_read fs/read_write.c:623 [inline]\\n __se_sys_read fs/read_write.c:621 [inline]\\n __x64_sys_read+0x41/0x50 fs/read_write.c:621\\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\\n\\nvalue changed: 0xffffffffc4653600 -\u003e 0x0000000000000000\\n\\nReported by Kernel Concurrency Sanitizer on:\\nCPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.