PT-2025-54047 · Linux · Linux Kernel
Published: 2025-12-30 · Updated: 2026-02-12 · CVE-2023-54218
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.3.0-rc7-02330-gca6270c12e20
Description
The Linux kernel contained a data race in the sock_recv_cmsgs() function, specifically in its access to sk->sk_stamp. The Kernel Concurrency Sanitizer (KCSAN) identified that a read of sk->sk_stamp required READ_ONCE() to prevent load-tearing. The issue was observed during packet_recvmsg and sock_recvmsg operations. The vulnerability was reported by KCSAN and addressed in a recent kernel build. The functions involved include sock_write_timestamp, sock_recv_cmsgs, packet_recvmsg, sock_recvmsg_nosec, sock_read_iter, call_read_iter, vfs_read, ksys_read, __do_sys_read, __se_sys_read, and __x64_sys_read.
Recommendations
Update to a version of the Linux kernel newer than 6.3.0-rc7-02330-gca6270c12e20.
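The READ_ONCE() annotation named in the description can be modelled in user space. This is an added example, not kernel code or the upstream patch: the macros are stand-ins for the kernel's, and struct model_sock, the model_* functions, the sentinel value and the branch conditions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space stand-ins for the kernel macros (assumption: GCC/Clang).
 * A volatile access is one full-width load/store: no tearing or fusing. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Constructed sentinel meaning "no timestamp recorded yet". */
#define MODEL_DEFAULT_STAMP (-1000000000LL)

struct model_sock {        /* hypothetical stand-in for struct sock */
    int64_t sk_stamp;      /* updated without holding a lock */
};

/* Writer: may run on another CPU while a reader inspects sk_stamp. */
static void model_write_timestamp(struct model_sock *sk, int64_t kt)
{
    WRITE_ONCE(sk->sk_stamp, kt);
}

/* Reader: the annotated load pairs with the annotated store above. */
static int64_t model_read_timestamp(struct model_sock *sk)
{
    return READ_ONCE(sk->sk_stamp);
}

/* Simplified receive path (branch conditions are assumptions): returns 1
 * if it stored a timestamp, 0 if it left sk_stamp untouched. */
static int model_recv_cmsgs(struct model_sock *sk, int want_ts, int64_t pkt_ts)
{
    if (want_ts) {
        model_write_timestamp(sk, pkt_ts);
        return 1;
    }
    /* A plain "sk->sk_stamp == ..." here is the kind of read KCSAN flags. */
    if (model_read_timestamp(sk) == MODEL_DEFAULT_STAMP) {
        model_write_timestamp(sk, 0);
        return 1;
    }
    return 0;
}

int main(void)
{
    struct model_sock sk = { MODEL_DEFAULT_STAMP };
    int first = model_recv_cmsgs(&sk, 0, 123);   /* sentinel seen: stores 0 */
    int second = model_recv_cmsgs(&sk, 0, 123);  /* stamp already set */
    printf("%d %d %lld\n", first, second, (long long)model_read_timestamp(&sk));
    return 0;
}
```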
Exploit
Related Identifiers
Affected Products
Linux Kernel