CVE-2023-54218: Missing Synchronization in Linux

Severity: 3.3 LOW (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().

KCSAN found a data race in sock_recv_cmsgs() where the read access to sk->sk_stamp needs READ_ONCE().

BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg

write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
 sock_write_timestamp include/net/sock.h:2670 [inline]
 sock_recv_cmsgs include/net/sock.h:2722 [inline]
 packet_recvmsg+0xb97/0xd00 net/pac

Affected Packages (4 packages)

Linux | linux/linux_kernel | 4.12.0, 4.14.316 | +6
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | 6c7c98bad4883a4a8710c96b2b44de482865eb6e, fd28692fa182d25e8d26bc1db506648839fde245 | +8
debian | debian/linux | < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2023-54218: In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs() (2025-12-30)
GHSA: GHSA-pjmr-2x65-8v9f: In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs() (2025-12-30)
OSV: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs() (2025-12-30)
Debian: CVE-2023-54218: linux - In the Linux kernel, the following vulnerability has been resolved: net: Fix lo... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54218 Impact, Exploitability, and Mitigation Steps | Wiz