CVE-2023-54218 - Vulnerability Details

- net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().

Description

In the Linux kernel, the following vulnerability has been resolved:

net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().

KCSAN found a data race in sock_recv_cmsgs() where the read access
to sk->sk_stamp needs READ_ONCE().

BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg

write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
sock_write_timestamp include/net/sock.h:2670 [inline]
sock_recv_cmsgs include/net/sock.h:2722 [inline]
packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg+0x11a/0x130 net/socket.c:1040
sock_read_iter+0x176/0x220 net/socket.c:1118
call_read_iter include/linux/fs.h:1845 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x5e0/0x630 fs/read_write.c:470
ksys_read+0x163/0x1a0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x41/0x50 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:
sock_recv_cmsgs include/net/sock.h:2721 [inline]
packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg+0x11a/0x130 net/socket.c:1040
sock_read_iter+0x176/0x220 net/socket.c:1118
call_read_iter include/linux/fs.h:1845 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x5e0/0x630 fs/read_write.c:470
ksys_read+0x163/0x1a0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x41/0x50 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0xffffffffc4653600 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014

Published: 2025-12-30

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`6c7c98bad4883a4a8710c96b2b44de482865eb6e`	affected	< fd28692fa182d25e8d26bc1db506648839fde245
`6c7c98bad4883a4a8710c96b2b44de482865eb6e`	affected	< 564c3150ad357d571a0de7d8b644aa1f7e6e21b7
`6c7c98bad4883a4a8710c96b2b44de482865eb6e`	affected	< d7343f8de019ebb55b2b6ef79b971f6ceb361a99
`6c7c98bad4883a4a8710c96b2b44de482865eb6e`	affected	< d06f67b2b8dcd00d995c468428b6bccebc5762d8
`6c7c98bad4883a4a8710c96b2b44de482865eb6e`	affected	< de260d1e02cde39d317066835ee6e5234fc9f5a8
`6c7c98bad4883a4a8710c96b2b44de482865eb6e`	affected	< 7145f2309d649ad6273b9f66448321b9b4c523c8
`6c7c98bad4883a4a8710c96b2b44de482865eb6e`	affected	< 8319220054e5ea5f506d8d4c4b5e234f668ffc3b
`6c7c98bad4883a4a8710c96b2b44de482865eb6e`	affected	< dfd9248c071a3710c24365897459538551cb7167

Linux

affected

Version	Status	Constraints
`4.12`	affected	—
`0`	unaffected	< 4.12
`4.14.316`	unaffected	≤ 4.14.*
`4.19.284`	unaffected	≤ 4.19.*
`5.4.244`	unaffected	≤ 5.4.*
`5.10.181`	unaffected	≤ 5.10.*
`5.15.113`	unaffected	≤ 5.15.*
`6.1.30`	unaffected	≤ 6.1.*
`6.3.4`	unaffected	≤ 6.3.*
`6.4`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7
https://git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8
https://git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b
https://git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8
https://git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99
https://git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8
https://git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167
https://git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245
https://lore.kernel.org/linux-cve-announce/2025123026-CVE-2023-54218-840c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54218
https://www.cve.org/CVERecord?id=CVE-2023-54218

History

Thu, 01 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123026-CVE-2023-54218-840c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54218 https://www.cve.org/CVERecord?id=CVE-2023-54218
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). KCSAN found a data race in sock_recv_cmsgs() where the read access to sk->sk_stamp needs READ_ONCE(). BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0: sock_write_timestamp include/net/sock.h:2670 [inline] sock_recv_cmsgs include/net/sock.h:2722 [inline] packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:1019 [inline] sock_recvmsg+0x11a/0x130 net/socket.c:1040 sock_read_iter+0x176/0x220 net/socket.c:1118 call_read_iter include/linux/fs.h:1845 [inline] new_sync_read fs/read_write.c:389 [inline] vfs_read+0x5e0/0x630 fs/read_write.c:470 ksys_read+0x163/0x1a0 fs/read_write.c:613 __do_sys_read fs/read_write.c:623 [inline] __se_sys_read fs/read_write.c:621 [inline] __x64_sys_read+0x41/0x50 fs/read_write.c:621 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1: sock_recv_cmsgs include/net/sock.h:2721 [inline] packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:1019 [inline] sock_recvmsg+0x11a/0x130 net/socket.c:1040 sock_read_iter+0x176/0x220 net/socket.c:1118 call_read_iter include/linux/fs.h:1845 [inline] new_sync_read fs/read_write.c:389 [inline] vfs_read+0x5e0/0x630 fs/read_write.c:470 ksys_read+0x163/0x1a0 fs/read_write.c:613 __do_sys_read fs/read_write.c:623 [inline] __se_sys_read fs/read_write.c:621 [inline] __x64_sys_read+0x41/0x50 fs/read_write.c:621 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc value changed: 0xffffffffc4653600 -> 0x0000000000000000 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Title		net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7 https://git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8 https://git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b https://git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8 https://git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99 https://git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8 https://git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167 https://git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:11:14.059Z

Updated: 2026-05-11T19:57:44.055Z

Reserved: 2025-12-30T12:06:44.501Z

Link: CVE-2023-54218

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-30T13:16:10.067

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-54218

Redhat

Severity : Low

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2023-54218 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object