CVE-2023-53853

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained a data race condition within the netlink subsystem. Specifically, both netlink recvmsg() and netlink native seq show() were reading nlk->cb running without proper locking, while netlink dump() and netlink dump start() were writing to it without synchronization. This could lead to unpredictable behavior and potential system instability. The issue was identified through syzbot testing, which reported a KCSAN data-race in netlink dump start and netlink recvmsg. The vulnerable code involves accessing the nlk->cb running variable, which is used to manage the state of netlink connections. The functions netlink dump start, rtnetlink rcv msg, netlink recv skb, rtnetlink rcv, netlink unicast kernel, netlink unicast, netlink sendmsg, sock sendmsg nosec, sock write iter, vfs write, ksys write, do sys write, se sys write, x64 sys write, sys recvmsg, sys recvmsg, do recvmmsg, sys recvmmsg, do sys recvmmsg, and se sys recvmmsg are involved in the execution path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.