PT-2025-49715 · Linux · Linux Kernel

Published 2025-12-09 · Updated 2025-12-10 · CVE-2023-53824

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.0-rc4-syzkaller-00195-g5a57b48fdfcb

Description

The Linux kernel contained a data-race condition within the netlink_recvmsg() function. This issue was identified through reports from syzbot, indicating concurrent access to nlk->max_recvmsg_len without proper locking mechanisms. The data-race occurred during concurrent execution of netlink_recvmsg() and netlink_dump(), potentially leading to unpredictable behavior or system instability. The issue involves read and write operations to memory location 0xffff888141840b38 by different tasks on separate CPUs.

Recommendations

Update the Linux kernel to version 6.3.0-rc4-syzkaller-00195-g5a57b48fdfcb or a later version that includes the fix for this data-race condition.

Related Identifiers

CVE-2023-53824

Affected Products

Linux Kernel