Message-ID: <2025123026-CVE-2023-54218-840c@gregkh>
Date: Tue, 30 Dec 2025 13:13:48 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-54218: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().

KCSAN found a data race in sock_recv_cmsgs() where the read access
to sk->sk_stamp needs READ_ONCE().

BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg
write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
sock_write_timestamp include/net/sock.h:2670 [inline]
sock_recv_cmsgs include/net/sock.h:2722 [inline]
packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg+0x11a/0x130 net/socket.c:1040
sock_read_iter+0x176/0x220 net/socket.c:1118
call_read_iter include/linux/fs.h:1845 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x5e0/0x630 fs/read_write.c:470
ksys_read+0x163/0x1a0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x41/0x50 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc
read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:
sock_recv_cmsgs include/net/sock.h:2721 [inline]
packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg+0x11a/0x130 net/socket.c:1040
sock_read_iter+0x176/0x220 net/socket.c:1118
call_read_iter include/linux/fs.h:1845 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x5e0/0x630 fs/read_write.c:470
ksys_read+0x163/0x1a0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x41/0x50 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc
value changed: 0xffffffffc4653600 -> 0x0000000000000000
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014

The Linux kernel CVE team has assigned CVE-2023-54218 to this issue.

Affected and fixed versions
===========================

Issue introduced in 4.12 with commit 6c7c98bad4883a4a8710c96b2b44de482865eb6e and fixed in 4.14.316 with commit fd28692fa182d25e8d26bc1db506648839fde245
Issue introduced in 4.12 with commit 6c7c98bad4883a4a8710c96b2b44de482865eb6e and fixed in 4.19.284 with commit 564c3150ad357d571a0de7d8b644aa1f7e6e21b7
Issue introduced in 4.12 with commit 6c7c98bad4883a4a8710c96b2b44de482865eb6e and fixed in 5.4.244 with commit d7343f8de019ebb55b2b6ef79b971f6ceb361a99
Issue introduced in 4.12 with commit 6c7c98bad4883a4a8710c96b2b44de482865eb6e and fixed in 5.10.181 with commit d06f67b2b8dcd00d995c468428b6bccebc5762d8
Issue introduced in 4.12 with commit 6c7c98bad4883a4a8710c96b2b44de482865eb6e and fixed in 5.15.113 with commit de260d1e02cde39d317066835ee6e5234fc9f5a8
Issue introduced in 4.12 with commit 6c7c98bad4883a4a8710c96b2b44de482865eb6e and fixed in 6.1.30 with commit 7145f2309d649ad6273b9f66448321b9b4c523c8
Issue introduced in 4.12 with commit 6c7c98bad4883a4a8710c96b2b44de482865eb6e and fixed in 6.3.4 with commit 8319220054e5ea5f506d8d4c4b5e234f668ffc3b
Issue introduced in 4.12 with commit 6c7c98bad4883a4a8710c96b2b44de482865eb6e and fixed in 6.4 with commit dfd9248c071a3710c24365897459538551cb7167

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-54218
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
include/net/sock.h

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245
https://git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7
https://git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99
https://git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8
https://git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8
https://git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8
https://git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b
https://git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167
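
The load-tearing risk named in the subject line, as an added userspace example that is not part of the announcement or of the kernel source: it models what a reader could assemble if a plain 8-byte read of the field were split into two 4-byte loads around the concurrent write, using the "value changed" pair from the KCSAN report. The struct, the helper names and the volatile-cast stand-ins for READ_ONCE()/WRITE_ONCE() are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed userspace model, not kernel code. The two values are the
 * "value changed" pair from the KCSAN report; the first is -1000000000
 * when read as a signed 64-bit integer. */
#define STAMP_BEFORE 0xffffffffc4653600ULL
#define STAMP_AFTER  0x0000000000000000ULL

struct sock_model { int64_t sk_stamp; };   /* hypothetical stand-in for struct sock */

/* Stand-ins for READ_ONCE()/WRITE_ONCE(): the volatile cast asks the compiler
 * for exactly one access, which on a 64-bit target is a single 8-byte move. */
static int64_t read_once_s64(const int64_t *p) { return *(const volatile int64_t *)p; }
static void write_once_s64(int64_t *p, int64_t v) { *(volatile int64_t *)p = v; }

/* What a plain read may be compiled into: two 4-byte loads. If the writer's
 * store lands between them, the reader assembles halves of different values. */
static uint64_t torn_load(uint64_t before, uint64_t after, int low_half_first)
{
    uint64_t lo = (low_half_first ? before : after) & 0x00000000ffffffffULL;
    uint64_t hi = (low_half_first ? after : before) & 0xffffffff00000000ULL;
    return hi | lo;
}

/* A check on the field done through a marked read: it sees the old value
 * or the new one, never a mix of the two. */
static int stamp_equals(const struct sock_model *sk, uint64_t expected)
{
    return (uint64_t)read_once_s64(&sk->sk_stamp) == expected;
}

int main(void)
{
    struct sock_model sk = { (int64_t)STAMP_BEFORE };

    printf("torn, low half read first : 0x%016llx\n",
           (unsigned long long)torn_load(STAMP_BEFORE, STAMP_AFTER, 1));
    printf("torn, high half read first: 0x%016llx\n",
           (unsigned long long)torn_load(STAMP_BEFORE, STAMP_AFTER, 0));

    write_once_s64(&sk.sk_stamp, (int64_t)STAMP_AFTER);   /* the marked write */
    printf("marked read sees new value: %d\n", stamp_equals(&sk, STAMP_AFTER));
    return 0;
}
```

Both torn results differ from the old and the new value alike, which is why a check against either value can misfire on a plain read.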