CVE-2023-54006: Race Condition within a Thread in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix data-race around unix_tot_inflight.

unix_tot_inflight is changed under spin_lock(unix_gc_lock), but unix_release_sock() reads it locklessly. Let's use READ_ONCE() for unix_tot_inflight.

Note that the writer side was marked by commit 9d6d7f1cb67c ("af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress").

BUG: KCSAN: data-race in unix_inflight / unix_release_sock
write (marked) to 0xffffffff8718

Affected Packages (4 packages)

Linux      linux/linux_kernel   2.6.24 to 4.14.326 (+6 more ranges)
Debian     linux/linux_kernel   < 5.10.197-1 (+3 more)
CVEListV5  linux/linux          9305cfa4443dbfb99faf35c5603ec0c0e91b5ef8, 31b46d5e7c4e295bd112960614a66a177a057dca (+8 more)
debian     debian/linux         < linux 6.1.55-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2023-54006: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-race around unix_tot_inflight (2025-12-24)
OSV: af_unix: Fix data-race around unix_tot_inflight. (2025-12-24)
GHSA: GHSA-c5hc-c94v-v6gh: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-race around unix_tot_inflight (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: af_unix: Fix data-race around unix_tot_inflight (2025-12-24)
Debian: CVE-2023-54006: linux - In the Linux kernel, the following vulnerability has been resolved: af_unix: Fi... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54006 Impact, Exploitability, and Mitigation Steps | Wiz