CVE-2023-53839 — Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition7 documents6 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 85.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache after socket is locked.

Affected Packages4 packages

▶Linuxlinux/linux_kernel2.6.14 — 4.14.323+6

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c — 162fa1e3cfb62aa780d7c40c8cccb6c2f8bef7c1+8

▶debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

OSV

dccp: fix data-race around dp->dccps_mss_cache↗2025-12-09

▶

OSV

CVE-2023-53839: In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_↗2025-12-09

▶

GHSA

GHSA-8252-q96p-5jpg: In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_ms↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: dccp: fix data-race around dp->dccps_mss_cache↗2025-12-09

▶

Debian

CVE-2023-53839: linux - In the Linux kernel, the following vulnerability has been resolved: dccp: fix d...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53839 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶