Description
In the Linux kernel, the following vulnerability has been resolved:

net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().

KCSAN found a data race in sock_recv_cmsgs() where the read access to sk->sk_stamp needs READ_ONCE().

BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg

write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
 sock_write_timestamp include/net/sock.h:2670 [inline]
 sock_recv_cmsgs include/net/sock.h:2722 [inline]
 packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0x11a/0x130 net/socket.c:1040
 sock_read_iter+0x176/0x220 net/socket.c:1118
 call_read_iter include/linux/fs.h:1845 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5e0/0x630 fs/read_write.c:470
 ksys_read+0x163/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:
 sock_recv_cmsgs include/net/sock.h:2721 [inline]
 packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0x11a/0x130 net/socket.c:1040
 sock_read_iter+0x176/0x220 net/socket.c:1118
 call_read_iter include/linux/fs.h:1845 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5e0/0x630 fs/read_write.c:470
 ksys_read+0x163/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0xffffffffc4653600 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
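An added illustration (not kernel code and not part of the CVE record) of what load tearing on a 64-bit timestamp looks like, using the two values from the KCSAN "value changed" line. READ_ONCE/WRITE_ONCE here are userspace stand-ins, the names racing_writer, torn_load and marked_load are hypothetical, and a 64-bit build with GCC or Clang is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's marked-access macros (GCC/Clang). */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* The two values from the report's "value changed" line. */
#define STAMP_OLD ((int64_t)-1000000000LL) /* 0xffffffffc4653600 */
#define STAMP_NEW ((int64_t)0)

typedef void (*racer_fn)(int64_t *stamp);

/* Hypothetical stand-in for the task on the other CPU doing the marked write. */
void racing_writer(int64_t *stamp) { WRITE_ONCE(*stamp, STAMP_NEW); }

/* Model of a plain load the compiler split into two 32-bit halves:
 * the other CPU's store lands between the halves. */
int64_t torn_load(int64_t *stamp, racer_fn racer)
{
    uint64_t lo = (uint64_t)READ_ONCE(*stamp) & 0xffffffffULL;
    racer(stamp);
    uint64_t hi = (uint64_t)READ_ONCE(*stamp) & ~0xffffffffULL;
    return (int64_t)(hi | lo);
}

/* Marked load: one access of a word-sized value, so the racing store is
 * ordered entirely before it or entirely after it. */
int64_t marked_load(int64_t *stamp, racer_fn racer, int racer_first)
{
    int64_t v;
    if (racer_first)
        racer(stamp);
    v = READ_ONCE(*stamp);
    if (!racer_first)
        racer(stamp);
    return v;
}

int main(void)
{
    int64_t a = STAMP_OLD, b = STAMP_OLD, c = STAMP_OLD;
    printf("torn:   %#llx\n", (unsigned long long)torn_load(&a, racing_writer));
    printf("marked: %#llx\n", (unsigned long long)marked_load(&b, racing_writer, 0));
    printf("marked: %#llx\n", (unsigned long long)marked_load(&c, racing_writer, 1));
    return 0;
}
```

The torn result matches neither the old nor the new value, so an equality test against the old value would take the wrong branch on a value that was never stored.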
Product status
6c7c98bad4883a4a8710c96b2b44de482865eb6e (git) before fd28692fa182d25e8d26bc1db506648839fde245
6c7c98bad4883a4a8710c96b2b44de482865eb6e (git) before 564c3150ad357d571a0de7d8b644aa1f7e6e21b7
6c7c98bad4883a4a8710c96b2b44de482865eb6e (git) before d7343f8de019ebb55b2b6ef79b971f6ceb361a99
6c7c98bad4883a4a8710c96b2b44de482865eb6e (git) before d06f67b2b8dcd00d995c468428b6bccebc5762d8
6c7c98bad4883a4a8710c96b2b44de482865eb6e (git) before de260d1e02cde39d317066835ee6e5234fc9f5a8
6c7c98bad4883a4a8710c96b2b44de482865eb6e (git) before 7145f2309d649ad6273b9f66448321b9b4c523c8
6c7c98bad4883a4a8710c96b2b44de482865eb6e (git) before 8319220054e5ea5f506d8d4c4b5e234f668ffc3b
6c7c98bad4883a4a8710c96b2b44de482865eb6e (git) before dfd9248c071a3710c24365897459538551cb7167
4.12
Any version before 4.12
4.14.316 (semver)
4.19.284 (semver)
5.4.244 (semver)
5.10.181 (semver)
5.15.113 (semver)
6.1.30 (semver)
6.3.4 (semver)
6.4 (original_commit_for_fix)
References
git.kernel.org/...c/fd28692fa182d25e8d26bc1db506648839fde245
git.kernel.org/...c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7
git.kernel.org/...c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99
git.kernel.org/...c/d06f67b2b8dcd00d995c468428b6bccebc5762d8
git.kernel.org/...c/de260d1e02cde39d317066835ee6e5234fc9f5a8
git.kernel.org/...c/7145f2309d649ad6273b9f66448321b9b4c523c8
git.kernel.org/...c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b
git.kernel.org/...c/dfd9248c071a3710c24365897459538551cb7167
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.