CVE-2023-54226
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/12/2025
Last modified:
30/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
af_unix: Fix data races around sk->sk_shutdown.<br />
<br />
KCSAN found a data race around sk->sk_shutdown where unix_release_sock()<br />
and unix_shutdown() update it under unix_state_lock(), OTOH unix_poll()<br />
and unix_dgram_poll() read it locklessly.<br />
<br />
We need to annotate the writes and reads with WRITE_ONCE() and READ_ONCE().<br />
<br />
BUG: KCSAN: data-race in unix_poll / unix_release_sock<br />
<br />
write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0:<br />
unix_release_sock+0x75c/0x910 net/unix/af_unix.c:631<br />
unix_release+0x59/0x80 net/unix/af_unix.c:1042<br />
__sock_release+0x7d/0x170 net/socket.c:653<br />
sock_close+0x19/0x30 net/socket.c:1397<br />
__fput+0x179/0x5e0 fs/file_table.c:321<br />
____fput+0x15/0x20 fs/file_table.c:349<br />
task_work_run+0x116/0x1a0 kernel/task_work.c:179<br />
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]<br />
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]<br />
exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204<br />
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]<br />
syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297<br />
do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86<br />
entry_SYSCALL_64_after_hwframe+0x72/0xdc<br />
<br />
read to 0xffff88800d0f8aec of 1 bytes by task 222 on cpu 1:<br />
unix_poll+0xa3/0x2a0 net/unix/af_unix.c:3170<br />
sock_poll+0xcf/0x2b0 net/socket.c:1385<br />
vfs_poll include/linux/poll.h:88 [inline]<br />
ep_item_poll.isra.0+0x78/0xc0 fs/eventpoll.c:855<br />
ep_send_events fs/eventpoll.c:1694 [inline]<br />
ep_poll fs/eventpoll.c:1823 [inline]<br />
do_epoll_wait+0x6c4/0xea0 fs/eventpoll.c:2258<br />
__do_sys_epoll_wait fs/eventpoll.c:2270 [inline]<br />
__se_sys_epoll_wait fs/eventpoll.c:2265 [inline]<br />
__x64_sys_epoll_wait+0xcc/0x190 fs/eventpoll.c:2265<br />
do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br />
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80<br />
entry_SYSCALL_64_after_hwframe+0x72/0xdc<br />
<br />
value changed: 0x00 -> 0x03<br />
<br />
Reported by Kernel Concurrency Sanitizer on:<br />
CPU: 1 PID: 222 Comm: dbus-broker Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2<br />
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/196528ad484443627779540697f4fb0ef0e01c52
- https://git.kernel.org/stable/c/1c488f4e95b498c977fbeae784983eb4cf6085e8
- https://git.kernel.org/stable/c/8307e372e7445ec7d3cd2ff107ce5078eaa02815
- https://git.kernel.org/stable/c/a41559ae3681975f1ced815d8d4c983b6b938499
- https://git.kernel.org/stable/c/e1d09c2c2f5793474556b60f83900e088d0d366d
- https://git.kernel.org/stable/c/e410895892f99700ce54347d42c8dbe962eea9f4
- https://git.kernel.org/stable/c/f237f79b63c9242450e6869adcd2c10445859f28