{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54218", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:44.501Z", "datePublished": "2025-12-30T12:11:14.059Z", "dateUpdated": "2025-12-30T12:11:14.059Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:11:14.059Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().\n\nKCSAN found a data race in sock_recv_cmsgs() where the read access\nto sk->sk_stamp needs READ_ONCE().\n\nBUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg\n\nwrite (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:\n sock_write_timestamp include/net/sock.h:2670 [inline]\n sock_recv_cmsgs include/net/sock.h:2722 [inline]\n packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:1019 [inline]\n sock_recvmsg+0x11a/0x130 net/socket.c:1040\n sock_read_iter+0x176/0x220 net/socket.c:1118\n call_read_iter include/linux/fs.h:1845 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x5e0/0x630 fs/read_write.c:470\n ksys_read+0x163/0x1a0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x41/0x50 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nread to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:\n sock_recv_cmsgs include/net/sock.h:2721 [inline]\n packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:1019 [inline]\n sock_recvmsg+0x11a/0x130 net/socket.c:1040\n sock_read_iter+0x176/0x220 net/socket.c:1118\n call_read_iter include/linux/fs.h:1845 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x5e0/0x630 fs/read_write.c:470\n ksys_read+0x163/0x1a0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x41/0x50 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nvalue changed: 0xffffffffc4653600 -> 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/sock.h"], "versions": [{"version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e", "lessThan": "fd28692fa182d25e8d26bc1db506648839fde245", "status": "affected", "versionType": "git"}, {"version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e", "lessThan": "564c3150ad357d571a0de7d8b644aa1f7e6e21b7", "status": "affected", "versionType": "git"}, {"version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e", "lessThan": "d7343f8de019ebb55b2b6ef79b971f6ceb361a99", "status": "affected", "versionType": "git"}, {"version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e", "lessThan": "d06f67b2b8dcd00d995c468428b6bccebc5762d8", "status": "affected", "versionType": "git"}, {"version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e", "lessThan": "de260d1e02cde39d317066835ee6e5234fc9f5a8", "status": "affected", "versionType": "git"}, {"version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e", "lessThan": "7145f2309d649ad6273b9f66448321b9b4c523c8", "status": "affected", "versionType": "git"}, {"version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e", "lessThan": "8319220054e5ea5f506d8d4c4b5e234f668ffc3b", "status": "affected", "versionType": "git"}, {"version": "6c7c98bad4883a4a8710c96b2b44de482865eb6e", "lessThan": "dfd9248c071a3710c24365897459538551cb7167", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/sock.h"], "versions": [{"version": "4.12", "status": "affected"}, {"version": "0", "lessThan": "4.12", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.316", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.284", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.244", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.181", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.113", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.30", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.4", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "4.14.316"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "4.19.284"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.4.244"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.10.181"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.15.113"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.1.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.3.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245"}, {"url": "https://git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7"}, {"url": "https://git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99"}, {"url": "https://git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8"}, {"url": "https://git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8"}, {"url": "https://git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8"}, {"url": "https://git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b"}, {"url": "https://git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167"}], "title": "net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().\n\nKCSAN found a data race in sock_recv_cmsgs() where the read access\nto sk->sk_stamp needs READ_ONCE().\n\nBUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg\n\nwrite (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:\n sock_write_timestamp include/net/sock.h:2670 [inline]\n sock_recv_cmsgs include/net/sock.h:2722 [inline]\n packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:1019 [inline]\n sock_recvmsg+0x11a/0x130 net/socket.c:1040\n sock_read_iter+0x176/0x220 net/socket.c:1118\n call_read_iter include/linux/fs.h:1845 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x5e0/0x630 fs/read_write.c:470\n ksys_read+0x163/0x1a0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x41/0x50 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nread to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:\n sock_recv_cmsgs include/net/sock.h:2721 [inline]\n packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:1019 [inline]\n sock_recvmsg+0x11a/0x130 net/socket.c:1040\n sock_read_iter+0x176/0x220 net/socket.c:1118\n call_read_iter include/linux/fs.h:1845 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x5e0/0x630 fs/read_write.c:470\n ksys_read+0x163/0x1a0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x41/0x50 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nvalue changed: 0xffffffffc4653600 -> 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014"}], "id": "CVE-2023-54218", "lastModified": "2025-12-30T13:16:10.067", "metrics": {}, "published": "2025-12-30T13:16:10.067", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}