CVE-2023-53020

EPSS 0.02%
Veröffentlicht 27.03.2025 16:43:47
Zuletzt bearbeitet 01.10.2025 18:15:36
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

l2tp: close all race conditions in l2tp_tunnel_register()

In the Linux kernel, the following vulnerability has been resolved:

l2tp: close all race conditions in l2tp_tunnel_register()

The code in l2tp_tunnel_register() is racy in several ways:

1. It modifies the tunnel socket _after_ publishing it.

2. It calls setup_udp_tunnel_sock() on an existing socket without
   locking.

3. It changes sock lock class on fly, which triggers many syzbot
   reports.

This patch amends all of them by moving socket initialization code
before publishing and under sock lock. As suggested by Jakub, the
l2tp lockdep class is not necessary as we can just switch to
bh_lock_sock_nested().

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 7 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.6 < 5.10.166

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.91

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.9

Linux ≫ Linux Kernel Version6.2 Updaterc1

Linux ≫ Linux Kernel Version6.2 Updaterc2

Linux ≫ Linux Kernel Version6.2 Updaterc3

Linux ≫ Linux Kernel Version6.2 Updaterc4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/2d77e5c0ad79004b5ef901895437e9cce6dfcc7e

Patch

https://git.kernel.org/stable/c/77e8ed776cdb1a24b2aab8fe7c6f1f154235e1ce

Patch

https://git.kernel.org/stable/c/cef0845b6dcfa2f6c2c832e7f9622551456c741d

Patch

https://git.kernel.org/stable/c/0b2c59720e65885a394a017d0cf9cab118914682

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-53020

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53020

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53020

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-53020