CVE-2023-53020

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-53020

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53020.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53020

Downstream

BELL-CVE-2023-53020

DEBIAN-CVE-2023-53020

RHSA-2023:2458

SUSE-SU-2025:02846-1

UBUNTU-CVE-2023-53020

Related

SUSE-SU-2025:02846-1

Published

2025-03-27T17:15:51Z

Modified

2025-10-01T18:15:36Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

l2tp: close all race conditions in l2tptunnelregister()

The code in l2tptunnelregister() is racy in several ways:

It modifies the tunnel socket after publishing it.
It calls setupudptunnel_sock() on an existing socket without locking.
It changes sock lock class on fly, which triggers many syzbot reports.

This patch amends all of them by moving socket initialization code before publishing and under sock lock. As suggested by Jakub, the l2tp lockdep class is not necessary as we can just switch to bhlocksock_nested().

References

Affected packages