-

CVE-2023-54218

In the Linux kernel, the following vulnerability has been resolved:

net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().

KCSAN found a data race in sock_recv_cmsgs() where the read access
to sk->sk_stamp needs READ_ONCE().

BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg

write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
 sock_write_timestamp include/net/sock.h:2670 [inline]
 sock_recv_cmsgs include/net/sock.h:2722 [inline]
 packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0x11a/0x130 net/socket.c:1040
 sock_read_iter+0x176/0x220 net/socket.c:1118
 call_read_iter include/linux/fs.h:1845 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5e0/0x630 fs/read_write.c:470
 ksys_read+0x163/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:
 sock_recv_cmsgs include/net/sock.h:2721 [inline]
 packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0x11a/0x130 net/socket.c:1040
 sock_read_iter+0x176/0x220 net/socket.c:1118
 call_read_iter include/linux/fs.h:1845 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5e0/0x630 fs/read_write.c:470
 ksys_read+0x163/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0xffffffffc4653600 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < fd28692fa182d25e8d26bc1db506648839fde245
Version 6c7c98bad4883a4a8710c96b2b44de482865eb6e
Status affected
Version < 564c3150ad357d571a0de7d8b644aa1f7e6e21b7
Version 6c7c98bad4883a4a8710c96b2b44de482865eb6e
Status affected
Version < d7343f8de019ebb55b2b6ef79b971f6ceb361a99
Version 6c7c98bad4883a4a8710c96b2b44de482865eb6e
Status affected
Version < d06f67b2b8dcd00d995c468428b6bccebc5762d8
Version 6c7c98bad4883a4a8710c96b2b44de482865eb6e
Status affected
Version < de260d1e02cde39d317066835ee6e5234fc9f5a8
Version 6c7c98bad4883a4a8710c96b2b44de482865eb6e
Status affected
Version < 7145f2309d649ad6273b9f66448321b9b4c523c8
Version 6c7c98bad4883a4a8710c96b2b44de482865eb6e
Status affected
Version < 8319220054e5ea5f506d8d4c4b5e234f668ffc3b
Version 6c7c98bad4883a4a8710c96b2b44de482865eb6e
Status affected
Version < dfd9248c071a3710c24365897459538551cb7167
Version 6c7c98bad4883a4a8710c96b2b44de482865eb6e
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.12
Status affected
Version < 4.12
Version 0
Status unaffected
Version <= 4.14.*
Version 4.14.316
Status unaffected
Version <= 4.19.*
Version 4.19.284
Status unaffected
Version <= 5.4.*
Version 5.4.244
Status unaffected
Version <= 5.10.*
Version 5.10.181
Status unaffected
Version <= 5.15.*
Version 5.15.113
Status unaffected
Version <= 6.1.*
Version 6.1.30
Status unaffected
Version <= 6.3.*
Version 6.3.4
Status unaffected
Version <= *
Version 6.4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.099
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.