Home

Description

In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk->max_recvmsg_len syzbot reported a data-race in data-race in netlink_recvmsg() [1] Indeed, netlink_recvmsg() can be run concurrently, and netlink_dump() also needs protection. [1] BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg read to 0xffff888141840b38 of 8 bytes by task 23057 on cpu 0: netlink_recvmsg+0xea/0x730 net/netlink/af_netlink.c:1988 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg net/socket.c:1038 [inline] __sys_recvfrom+0x1ee/0x2e0 net/socket.c:2194 __do_sys_recvfrom net/socket.c:2212 [inline] __se_sys_recvfrom net/socket.c:2208 [inline] __x64_sys_recvfrom+0x78/0x90 net/socket.c:2208 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd write to 0xffff888141840b38 of 8 bytes by task 23037 on cpu 1: netlink_recvmsg+0x114/0x730 net/netlink/af_netlink.c:1989 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg net/socket.c:1038 [inline] ____sys_recvmsg+0x156/0x310 net/socket.c:2720 ___sys_recvmsg net/socket.c:2762 [inline] do_recvmmsg+0x2e5/0x710 net/socket.c:2856 __sys_recvmmsg net/socket.c:2935 [inline] __do_sys_recvmmsg net/socket.c:2958 [inline] __se_sys_recvmmsg net/socket.c:2951 [inline] __x64_sys_recvmmsg+0xe2/0x160 net/socket.c:2951 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd value changed: 0x0000000000000000 -> 0x0000000000001000 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 23037 Comm: syz-executor.2 Not tainted 6.3.0-rc4-syzkaller-00195-g5a57b48fdfcb #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023

PUBLISHED Reserved 2025-12-09 | Published 2025-12-09 | Updated 2025-12-09 | Assigner Linux

Product status

Default status
unaffected

9063e21fb026c4966fc93261c18322214f9835eb (git) before 05c9e3fc93b02d18c3ab258d43350a6d44b40bbd
affected

9063e21fb026c4966fc93261c18322214f9835eb (git) before 7cff4103be7c402ecc3e7bf8f95a64089e3c91b8
affected

9063e21fb026c4966fc93261c18322214f9835eb (git) before e3bcf2a77060bea4d8d09cb09d92c7056f07df5a
affected

9063e21fb026c4966fc93261c18322214f9835eb (git) before fc4ba13013ddaea8b11b88fd52b35449e2d9cf85
affected

9063e21fb026c4966fc93261c18322214f9835eb (git) before a1865f2e7d10dde00d35a2122b38d2e469ae67ed
affected

Default status
affected

3.15
affected

Any version before 3.15
unaffected

5.10.218 (semver)
unaffected

5.15.160 (semver)
unaffected

6.1.24 (semver)
unaffected

6.2.11 (semver)
unaffected

6.3 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/05c9e3fc93b02d18c3ab258d43350a6d44b40bbd

git.kernel.org/...c/7cff4103be7c402ecc3e7bf8f95a64089e3c91b8

git.kernel.org/...c/e3bcf2a77060bea4d8d09cb09d92c7056f07df5a

git.kernel.org/...c/fc4ba13013ddaea8b11b88fd52b35449e2d9cf85

git.kernel.org/...c/a1865f2e7d10dde00d35a2122b38d2e469ae67ed

cve.org (CVE-2023-53824)

nvd.nist.gov (CVE-2023-53824)

Download JSON