Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

017 - Ir a la línea de ayuda en Ciberseguridad    Ir a Agenda     Ir a Sala de prensa     Ir a suscripción de boletines

Ir al buscador

CVE-2023-53345

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
17/09/2025
Última modificación:
17/09/2025

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> rxrpc: Fix potential data race in rxrpc_wait_to_be_connected()<br /> <br /> Inside the loop in rxrpc_wait_to_be_connected() it checks call-&gt;error to<br /> see if it should exit the loop without first checking the call state. This<br /> is probably safe as if call-&gt;error is set, the call is dead anyway, but we<br /> should probably wait for the call state to have been set to completion<br /> first, lest it cause surprise on the way out.<br /> <br /> Fix this by only accessing call-&gt;error if the call is complete. We don&amp;#39;t<br /> actually need to access the error inside the loop as we&amp;#39;ll do that after.<br /> <br /> This caused the following report:<br /> <br /> BUG: KCSAN: data-race in rxrpc_send_data / rxrpc_set_call_completion<br /> <br /> write to 0xffff888159cf3c50 of 4 bytes by task 25673 on cpu 1:<br /> rxrpc_set_call_completion+0x71/0x1c0 net/rxrpc/call_state.c:22<br /> rxrpc_send_data_packet+0xba9/0x1650 net/rxrpc/output.c:479<br /> rxrpc_transmit_one+0x1e/0x130 net/rxrpc/output.c:714<br /> rxrpc_decant_prepared_tx net/rxrpc/call_event.c:326 [inline]<br /> rxrpc_transmit_some_data+0x496/0x600 net/rxrpc/call_event.c:350<br /> rxrpc_input_call_event+0x564/0x1220 net/rxrpc/call_event.c:464<br /> rxrpc_io_thread+0x307/0x1d80 net/rxrpc/io_thread.c:461<br /> kthread+0x1ac/0x1e0 kernel/kthread.c:376<br /> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308<br /> <br /> read to 0xffff888159cf3c50 of 4 bytes by task 25672 on cpu 0:<br /> rxrpc_send_data+0x29e/0x1950 net/rxrpc/sendmsg.c:296<br /> rxrpc_do_sendmsg+0xb7a/0xc20 net/rxrpc/sendmsg.c:726<br /> rxrpc_sendmsg+0x413/0x520 net/rxrpc/af_rxrpc.c:565<br /> sock_sendmsg_nosec net/socket.c:724 [inline]<br /> sock_sendmsg net/socket.c:747 [inline]<br /> ____sys_sendmsg+0x375/0x4c0 net/socket.c:2501<br /> ___sys_sendmsg net/socket.c:2555 [inline]<br /> __sys_sendmmsg+0x263/0x500 net/socket.c:2641<br /> __do_sys_sendmmsg net/socket.c:2670 [inline]<br /> __se_sys_sendmmsg net/socket.c:2667 [inline]<br /> __x64_sys_sendmmsg+0x57/0x60 net/socket.c:2667<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> value changed: 0x00000000 -&gt; 0xffffffea

Impacto

Referencias a soluciones, herramientas e información