CVE-2023-53831: Missing Synchronization in Linux

Severity: 4.5 MEDIUM (No vector)
EPSS: 0.0% (top 85.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

net: read sk->sk_family once in sk_mc_loop()

syzbot is playing with IPV6_ADDRFORM quite a lot these days, and managed to hit the WARN_ON_ONCE(1) in sk_mc_loop()

We have many more similar issues to fix.

WARNING: CPU: 1 PID: 1593 at net/core/sock.c:782 sk_mc_loop+0x165/0x260
Modules linked in:
CPU: 1 PID: 1593 Comm: kworker/1:3 Not tainted 6.1.40-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, B

Affected Packages: 4 packages

Linux: linux/linux_kernel 2.6.33 4.14.326 +6
Debian: linux/linux_kernel < 5.10.197-1 +3
CVEListV5: linux/linux 7ad6848c7e81a603605fad3f3575841aab004eea 7586a66b9c4f1b8a825ea1dfa3a91aad5cc7b89b +8
debian: debian/linux < linux 6.1.55-1 (bookworm)

🔴 Vulnerability Details

3
GHSA
GHSA-83cq-hc8w-3693: In the Linux kernel, the following vulnerability has been resolved: net: read sk->sk_family once in sk_mc_loop() syzbot is playing with IPV6_ADDRFOR (2025-12-09)
OSV
CVE-2023-53831: In the Linux kernel, the following vulnerability has been resolved: net: read sk->sk_family once in sk_mc_loop() syzbot is playing with IPV6_ADDRFORM (2025-12-09)
OSV
net: read sk->sk_family once in sk_mc_loop() (2025-12-09)

📋 Vendor Advisories

2
Red Hat
kernel: net: read sk->sk_family once in sk_mc_loop() (2025-12-09)
Debian
CVE-2023-53831: linux - In the Linux kernel, the following vulnerability has been resolved: net: read s... (2023)

🕵️ Threat Intelligence

1
Wiz
CVE-2023-53831 Impact, Exploitability, and Mitigation Steps | Wiz