| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120902-CVE-2023-53853-424f@gregkh> Date: Tue, 9 Dec 2025 10:31:37 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53853: netlink: annotate accesses to nlk->cb_running From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk->cb_running Both netlink_recvmsg() and netlink_native_seq_show() read nlk->cb_running locklessly. Use READ_ONCE() there. Add corresponding WRITE_ONCE() to netlink_dump() and __netlink_dump_start() syzbot reported: BUG: KCSAN: data-race in __netlink_dump_start / netlink_recvmsg write to 0xffff88813ea4db59 of 1 bytes by task 28219 on cpu 0: __netlink_dump_start+0x3af/0x4d0 net/netlink/af_netlink.c:2399 netlink_dump_start include/linux/netlink.h:308 [inline] rtnetlink_rcv_msg+0x70f/0x8c0 net/core/rtnetlink.c:6130 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2577 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6192 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x56f/0x640 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x665/0x770 net/netlink/af_netlink.c:1942 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg net/socket.c:747 [inline] sock_write_iter+0x1aa/0x230 net/socket.c:1138 call_write_iter include/linux/fs.h:1851 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x463/0x760 fs/read_write.c:584 ksys_write+0xeb/0x1a0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x42/0x50 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd read to 0xffff88813ea4db59 of 1 bytes by task 28222 on cpu 1: netlink_recvmsg+0x3b4/0x730 net/netlink/af_netlink.c:2022 sock_recvmsg_nosec+0x4c/0x80 net/socket.c:1017 ____sys_recvmsg+0x2db/0x310 net/socket.c:2718 ___sys_recvmsg net/socket.c:2762 [inline] do_recvmmsg+0x2e5/0x710 net/socket.c:2856 __sys_recvmmsg net/socket.c:2935 [inline] __do_sys_recvmmsg net/socket.c:2958 [inline] __se_sys_recvmmsg net/socket.c:2951 [inline] __x64_sys_recvmmsg+0xe2/0x160 net/socket.c:2951 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd value changed: 0x00 -> 0x01 The Linux kernel CVE team has assigned CVE-2023-53853 to this issue. Affected and fixed versions =========================== Issue introduced in 3.12 with commit 16b304f3404f8e0243d5ee2b70b68767b7b59b2b and fixed in 4.14.316 with commit e25e9d8a210ed78bdf0f364576dbee13aefadbf8 Issue introduced in 3.12 with commit 16b304f3404f8e0243d5ee2b70b68767b7b59b2b and fixed in 4.19.284 with commit 840a647499b093621167de56ffa8756dfc69f242 Issue introduced in 3.12 with commit 16b304f3404f8e0243d5ee2b70b68767b7b59b2b and fixed in 5.4.244 with commit a507022c862e10744a92c4bf5709775450a110ad Issue introduced in 3.12 with commit 16b304f3404f8e0243d5ee2b70b68767b7b59b2b and fixed in 5.10.181 with commit f92557f79a60cb142258f5fa7194f327573fadd8 Issue introduced in 3.12 with commit 16b304f3404f8e0243d5ee2b70b68767b7b59b2b and fixed in 5.15.113 with commit 1d5c8b01f1df0461256a6d75854ed806f50645a3 Issue introduced in 3.12 with commit 16b304f3404f8e0243d5ee2b70b68767b7b59b2b and fixed in 6.1.30 with commit a115dadf8995b1730c36c474401d97355705cb88 Issue introduced in 3.12 with commit 16b304f3404f8e0243d5ee2b70b68767b7b59b2b and fixed in 6.3.4 with commit 02e7afd659a4c9ce1e98fc01ab4c510f3de1f0b3 Issue introduced in 3.12 with commit 16b304f3404f8e0243d5ee2b70b68767b7b59b2b and fixed in 6.4 with commit a939d14919b799e6fff8a9c80296ca229ba2f8a4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53853 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/netlink/af_netlink.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e25e9d8a210ed78bdf0f364576dbee13aefadbf8 https://git.kernel.org/stable/c/840a647499b093621167de56ffa8756dfc69f242 https://git.kernel.org/stable/c/a507022c862e10744a92c4bf5709775450a110ad https://git.kernel.org/stable/c/f92557f79a60cb142258f5fa7194f327573fadd8 https://git.kernel.org/stable/c/1d5c8b01f1df0461256a6d75854ed806f50645a3 https://git.kernel.org/stable/c/a115dadf8995b1730c36c474401d97355705cb88 https://git.kernel.org/stable/c/02e7afd659a4c9ce1e98fc01ab4c510f3de1f0b3 https://git.kernel.org/stable/c/a939d14919b799e6fff8a9c80296ca229ba2f8a4
Powered by blists - more mailing lists