| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102216-CVE-2023-53731-aef7@gregkh>
Date: Wed, 22 Oct 2025 15:25:10 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53731: netlink: fix potential deadlock in netlink_set_err()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
netlink: fix potential deadlock in netlink_set_err()
syzbot reported a possible deadlock in netlink_set_err() [1]
A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IRQs
for netlink_lock_table()") in netlink_lock_table()
This patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()
which were not covered by cited commit.
[1]
WARNING: possible irq lock inversion dependency detected
6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted
syz-executor.2/23011 just changed the state of lock:
ffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612
but this lock was taken by another, SOFTIRQ-safe lock in the past:
(&local->queue_stop_reason_lock){..-.}-{2:2}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(nl_table_lock);
local_irq_disable();
lock(&local->queue_stop_reason_lock);
lock(nl_table_lock);
<Interrupt>
lock(&local->queue_stop_reason_lock);
*** DEADLOCK ***
The Linux kernel CVE team has assigned CVE-2023-53731 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.14.237 with commit 82b2ea5f904b3826934df4a00f3b8806272185f6 and fixed in 4.14.322 with commit c09e8e3f7fd432984bf5422302b093d2371dfc48
Issue introduced in 4.19.195 with commit 59fba11d649854134c75ad88c8adafa9304ac419 and fixed in 4.19.291 with commit 4b9adb8d4a62ff7608d4a7d4eb42036a88f30980
Issue introduced in 5.4.126 with commit 21df0c2e7d195de4a3c650de9361b3037fa6c59a and fixed in 5.4.251 with commit 8f6652ed2ad98fe6d13b903483d9257762ab2ec6
Issue introduced in 5.10.44 with commit 1d6d43d4805da9b3fa0f5841e8b1083c89868f35 and fixed in 5.10.188 with commit cde7b90e0539a3b11da377e463dfd2288a162dbf
Issue introduced in 5.13 with commit 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d and fixed in 5.15.121 with commit a641240b7e071c5538dc0e7894ece833fce459dd
Issue introduced in 5.13 with commit 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d and fixed in 6.1.39 with commit 61ffe8b1ee084e5c82a4e4bbf9e7b68e0c06e464
Issue introduced in 5.13 with commit 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d and fixed in 6.3.13 with commit eb8e27c8fa9397b4a7b181c48fa58157dbe9902e
Issue introduced in 5.13 with commit 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d and fixed in 6.4.4 with commit 1556ba034b95cfd4f75ea93c1a2679ae0444bba1
Issue introduced in 5.13 with commit 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d and fixed in 6.5 with commit 8d61f926d42045961e6b65191c09e3678d86a9cf
Issue introduced in 4.4.273 with commit 5f155c4046200f067b1dc3140ea99ef56e4e0b74
Issue introduced in 4.9.273 with commit a8e9111a8625dd11e70edd61f7a1ccd26c041442
Issue introduced in 5.12.11 with commit 76cc8e04f38c2bbfcba07f62864a011f142bd40c
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53731
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
net/netlink/af_netlink.c
net/netlink/diag.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/c09e8e3f7fd432984bf5422302b093d2371dfc48
https://git.kernel.org/stable/c/4b9adb8d4a62ff7608d4a7d4eb42036a88f30980
https://git.kernel.org/stable/c/8f6652ed2ad98fe6d13b903483d9257762ab2ec6
https://git.kernel.org/stable/c/cde7b90e0539a3b11da377e463dfd2288a162dbf
https://git.kernel.org/stable/c/a641240b7e071c5538dc0e7894ece833fce459dd
https://git.kernel.org/stable/c/61ffe8b1ee084e5c82a4e4bbf9e7b68e0c06e464
https://git.kernel.org/stable/c/eb8e27c8fa9397b4a7b181c48fa58157dbe9902e
https://git.kernel.org/stable/c/1556ba034b95cfd4f75ea93c1a2679ae0444bba1
https://git.kernel.org/stable/c/8d61f926d42045961e6b65191c09e3678d86a9cf
Powered by blists - more mailing lists