CVE-2023-53853Race Condition within a Thread in Linux

CWE-366Race Condition within a Thread7 documents6 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 85.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk->cb_running Both netlink_recvmsg() and netlink_native_seq_show() read nlk->cb_running locklessly. Use READ_ONCE() there. Add corresponding WRITE_ONCE() to netlink_dump() and __netlink_dump_start() syzbot reported: BUG: KCSAN: data-race in __netlink_dump_start / netlink_recvmsg write to 0xffff88813ea4db59 of 1 bytes by task 28219 on cpu 0: __netlink_dump_start+0x3af/0x4d0 net/netlink/af_netl

Affected Packages4 packages

Linuxlinux/linux_kernel3.12.04.14.316+6
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linux16b304f3404f8e0243d5ee2b70b68767b7b59b2be25e9d8a210ed78bdf0f364576dbee13aefadbf8+8
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
netlink: annotate accesses to nlk->cb_running2025-12-09
GHSA
GHSA-5rcq-g6mp-85jf: In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk->cb_running Both netlink_recvmsg() and netlink2025-12-09
OSV
CVE-2023-53853: In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk->cb_running Both netlink_recvmsg() and netlink_n2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: netlink: annotate accesses to nlk->cb_running2025-12-09
Debian
CVE-2023-53853: linux - In the Linux kernel, the following vulnerability has been resolved: netlink: an...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-53853 Impact, Exploitability, and Mitigation Steps | Wiz