-

CVE-2023-54226

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix data races around sk->sk_shutdown.

KCSAN found a data race around sk->sk_shutdown where unix_release_sock()
and unix_shutdown() update it under unix_state_lock(), OTOH unix_poll()
and unix_dgram_poll() read it locklessly.

We need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE().

BUG: KCSAN: data-race in unix_poll / unix_release_sock

write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0:
 unix_release_sock+0x75c/0x910 net/unix/af_unix.c:631
 unix_release+0x59/0x80 net/unix/af_unix.c:1042
 __sock_release+0x7d/0x170 net/socket.c:653
 sock_close+0x19/0x30 net/socket.c:1397
 __fput+0x179/0x5e0 fs/file_table.c:321
 ____fput+0x15/0x20 fs/file_table.c:349
 task_work_run+0x116/0x1a0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297
 do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88800d0f8aec of 1 bytes by task 222 on cpu 1:
 unix_poll+0xa3/0x2a0 net/unix/af_unix.c:3170
 sock_poll+0xcf/0x2b0 net/socket.c:1385
 vfs_poll include/linux/poll.h:88 [inline]
 ep_item_poll.isra.0+0x78/0xc0 fs/eventpoll.c:855
 ep_send_events fs/eventpoll.c:1694 [inline]
 ep_poll fs/eventpoll.c:1823 [inline]
 do_epoll_wait+0x6c4/0xea0 fs/eventpoll.c:2258
 __do_sys_epoll_wait fs/eventpoll.c:2270 [inline]
 __se_sys_epoll_wait fs/eventpoll.c:2265 [inline]
 __x64_sys_epoll_wait+0xcc/0x190 fs/eventpoll.c:2265
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0x00 -> 0x03

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 222 Comm: dbus-broker Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 1c488f4e95b498c977fbeae784983eb4cf6085e8
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 196528ad484443627779540697f4fb0ef0e01c52
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 8307e372e7445ec7d3cd2ff107ce5078eaa02815
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < a41559ae3681975f1ced815d8d4c983b6b938499
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < e410895892f99700ce54347d42c8dbe962eea9f4
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < f237f79b63c9242450e6869adcd2c10445859f28
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < e1d09c2c2f5793474556b60f83900e088d0d366d
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 2.6.12
Status affected
Version < 2.6.12
Version 0
Status unaffected
Version <= 4.19.*
Version 4.19.284
Status unaffected
Version <= 5.4.*
Version 5.4.244
Status unaffected
Version <= 5.10.*
Version 5.10.181
Status unaffected
Version <= 5.15.*
Version 5.15.113
Status unaffected
Version <= 6.1.*
Version 6.1.30
Status unaffected
Version <= 6.3.*
Version 6.3.4
Status unaffected
Version <= *
Version 6.4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.099
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.