CVE-2023-53204
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
15/09/2025
Last modified:
04/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
af_unix: Fix data-races around user->unix_inflight.<br />
<br />
user->unix_inflight is changed under spin_lock(unix_gc_lock),<br />
but too_many_unix_fds() reads it locklessly.<br />
<br />
Let&#39;s annotate the write/read accesses to user->unix_inflight.<br />
<br />
BUG: KCSAN: data-race in unix_attach_fds / unix_inflight<br />
<br />
write to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1:<br />
unix_inflight+0x157/0x180 net/unix/scm.c:66<br />
unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123<br />
unix_scm_to_skb net/unix/af_unix.c:1827 [inline]<br />
unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950<br />
unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]<br />
unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292<br />
sock_sendmsg_nosec net/socket.c:725 [inline]<br />
sock_sendmsg+0x148/0x160 net/socket.c:748<br />
____sys_sendmsg+0x4e4/0x610 net/socket.c:2494<br />
___sys_sendmsg+0xc6/0x140 net/socket.c:2548<br />
__sys_sendmsg+0x94/0x140 net/socket.c:2577<br />
__do_sys_sendmsg net/socket.c:2586 [inline]<br />
__se_sys_sendmsg net/socket.c:2584 [inline]<br />
__x64_sys_sendmsg+0x45/0x50 net/socket.c:2584<br />
do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br />
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80<br />
entry_SYSCALL_64_after_hwframe+0x6e/0xd8<br />
<br />
read to 0xffffffff8546f2d0 of 8 bytes by task 44814 on cpu 0:<br />
too_many_unix_fds net/unix/scm.c:101 [inline]<br />
unix_attach_fds+0x54/0x1e0 net/unix/scm.c:110<br />
unix_scm_to_skb net/unix/af_unix.c:1827 [inline]<br />
unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950<br />
unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]<br />
unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292<br />
sock_sendmsg_nosec net/socket.c:725 [inline]<br />
sock_sendmsg+0x148/0x160 net/socket.c:748<br />
____sys_sendmsg+0x4e4/0x610 net/socket.c:2494<br />
___sys_sendmsg+0xc6/0x140 net/socket.c:2548<br />
__sys_sendmsg+0x94/0x140 net/socket.c:2577<br />
__do_sys_sendmsg net/socket.c:2586 [inline]<br />
__se_sys_sendmsg net/socket.c:2584 [inline]<br />
__x64_sys_sendmsg+0x45/0x50 net/socket.c:2584<br />
do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br />
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80<br />
entry_SYSCALL_64_after_hwframe+0x6e/0xd8<br />
<br />
value changed: 0x000000000000000c -> 0x000000000000000d<br />
<br />
Reported by Kernel Concurrency Sanitizer on:<br />
CPU: 0 PID: 44814 Comm: systemd-coredum Not tainted 6.4.0-11989-g6843306689af #6<br />
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.2.78 (including) | 3.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.10.96 (including) | 3.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.12.57 (including) | 3.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.14.60 (including) | 3.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.18.27 (including) | 3.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.1.17 (including) | 4.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.3.5 (including) | 4.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4.1 (including) | 4.14.326 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.295 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.257 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.195 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.132 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.54 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.5.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/03d133dfbcec9d439729cc64706c7eb6d1663a24
- https://git.kernel.org/stable/c/0bc36c0650b21df36fbec8136add83936eaf0607
- https://git.kernel.org/stable/c/9151ed4b006125cba7c06c79df504340ea4e9386
- https://git.kernel.org/stable/c/ac92f239a079678a035c0faad9089354a874aede
- https://git.kernel.org/stable/c/adcf4e069358cdee8593663650ea447215a1c49e
- https://git.kernel.org/stable/c/b401d7e485b0a234cf8fe9a6ae99dbcd20863138
- https://git.kernel.org/stable/c/b9cdbb38e030fc2fe97fe27b54cbb6b4fbff250f
- https://git.kernel.org/stable/c/df97b5ea9f3ac9308c3a633524dab382cd59d9e5