| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120956-CVE-2023-53839-5f7e@gregkh> Date: Tue, 9 Dec 2025 10:31:23 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53839: dccp: fix data-race around dp->dccps_mss_cache From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache after socket is locked. The Linux kernel CVE team has assigned CVE-2023-53839 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.14 with commit 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c and fixed in 4.14.323 with commit 162fa1e3cfb62aa780d7c40c8cccb6c2f8bef7c1 Issue introduced in 2.6.14 with commit 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c and fixed in 4.19.292 with commit 2bdc7f272b3a110a4e1fdee6c47c8d20f9b20817 Issue introduced in 2.6.14 with commit 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c and fixed in 5.4.254 with commit 67eebc7a9217f999b779d46fba5312a716f0dc1d Issue introduced in 2.6.14 with commit 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c and fixed in 5.10.191 with commit 6d701c95ee6463abcbb6da543060d6e444554135 Issue introduced in 2.6.14 with commit 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c and fixed in 5.15.127 with commit f239c9e1d98b313435481b4926e8bdd06197e4d8 Issue introduced in 2.6.14 with commit 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c and fixed in 6.1.46 with commit a6ddc1c774874dc704f96a99d015dc759627bba7 Issue introduced in 2.6.14 with commit 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c and fixed in 6.4.11 with commit d1f38d313bdfc52fb2f662e66d0c60dd1cfe2384 Issue introduced in 2.6.14 with commit 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c and fixed in 6.5 with commit a47e598fbd8617967e49d85c49c22f9fc642704c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53839 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/dccp/output.c net/dccp/proto.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/162fa1e3cfb62aa780d7c40c8cccb6c2f8bef7c1 https://git.kernel.org/stable/c/2bdc7f272b3a110a4e1fdee6c47c8d20f9b20817 https://git.kernel.org/stable/c/67eebc7a9217f999b779d46fba5312a716f0dc1d https://git.kernel.org/stable/c/6d701c95ee6463abcbb6da543060d6e444554135 https://git.kernel.org/stable/c/f239c9e1d98b313435481b4926e8bdd06197e4d8 https://git.kernel.org/stable/c/a6ddc1c774874dc704f96a99d015dc759627bba7 https://git.kernel.org/stable/c/d1f38d313bdfc52fb2f662e66d0c60dd1cfe2384 https://git.kernel.org/stable/c/a47e598fbd8617967e49d85c49c22f9fc642704c
Powered by blists - more mailing lists