CVE-2023-53204: Race Condition in Linux

Severity: 4.7 MEDIUM (NVD)
EPSS: 0.0% (top 97.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 15

Description

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix data-races around user->unix_inflight.

user->unix_inflight is changed under spin_lock(unix_gc_lock), but too_many_unix_fds() reads it locklessly.

Let's annotate the write/read accesses to user->unix_inflight.

BUG: KCSAN: data-race in unix_attach_fds / unix_inflight

write to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1:
 unix_inflight+0x157/0x180 net/unix/scm.c:66
 unix_attach_fds+0x147/0x1e0 net/unix/scm.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 3.2.78 3.3 | +13
Debian | linux/linux_kernel | < 5.10.197-1 | +3
CVEListV5 | linux/linux | 712f4aad406bb1ed67f3f98d04c044191f0ff593 df97b5ea9f3ac9308c3a633524dab382cd59d9e5 | +16
debian | debian/linux | < linux 6.1.55-1 (bookworm)

🔴 Vulnerability Details (2)

GHSA: GHSA-rpfp-2r63-7p7p: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-races around user->unix_inflight (2025-09-15)
OSV: CVE-2023-53204: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-races around user->unix_inflight (2025-09-15)

📋 Vendor Advisories (2)

Red Hat: kernel: af_unix: Fix data-races around user->unix_inflight (2025-09-15)
Debian: CVE-2023-53204: linux - In the Linux kernel, the following vulnerability has been resolved: af_unix: Fi... (2023)