CVE-2023-53109

Source
https://cve.org/CVERecord?id=CVE-2023-53109
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53109.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53109
Downstream
Related
Published
2025-05-02T15:55:49.654Z
Modified
2026-07-15T01:48:56.393327594Z
Summary
net: tunnels: annotate lockless accesses to dev->needed_headroom
Details

In the Linux kernel, the following vulnerability has been resolved:

net: tunnels: annotate lockless accesses to dev->needed_headroom

IP tunnels can apparently update dev->needed_headroom in their xmit path.

This patch takes care of three tunnels xmit, and also the core LLRESERVEDSPACE() and LLRESERVEDSPACE_EXTRA() helpers.

More changes might be needed for completeness.

BUG: KCSAN: data-race in iptunnelxmit / iptunnelxmit

read to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1: iptunnelxmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803 __grexmit net/ipv4/ipgre.c:469 [inline] ipgrexmit+0x516/0x570 net/ipv4/ipgre.c:661 __netdevstartxmit include/linux/netdevice.h:4881 [inline] netdevstartxmit include/linux/netdevice.h:4895 [inline] xmitone net/core/dev.c:3580 [inline] devhardstartxmit+0x127/0x400 net/core/dev.c:3596 __devqueuexmit+0x1007/0x1eb0 net/core/dev.c:4246 devqueuexmit include/linux/netdevice.h:3051 [inline] neighdirectoutput+0x17/0x20 net/core/neighbour.c:1623 neighoutput include/net/neighbour.h:546 [inline] ipfinishoutput2+0x740/0x840 net/ipv4/ipoutput.c:228 ipfinishoutput+0xf4/0x240 net/ipv4/ipoutput.c:316 NFHOOKCOND include/linux/netfilter.h:291 [inline] ipoutput+0xe5/0x1b0 net/ipv4/ipoutput.c:430 dstoutput include/net/dst.h:444 [inline] iplocalout+0x64/0x80 net/ipv4/ipoutput.c:126 iptunnelxmit+0x34a/0x4b0 net/ipv4/iptunnelcore.c:82 iptunnelxmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __grexmit net/ipv4/ipgre.c:469 [inline] ipgrexmit+0x516/0x570 net/ipv4/ipgre.c:661 __netdevstartxmit include/linux/netdevice.h:4881 [inline] netdevstartxmit include/linux/netdevice.h:4895 [inline] xmitone net/core/dev.c:3580 [inline] devhardstartxmit+0x127/0x400 net/core/dev.c:3596 __devqueuexmit+0x1007/0x1eb0 net/core/dev.c:4246 devqueuexmit include/linux/netdevice.h:3051 [inline] neighdirectoutput+0x17/0x20 net/core/neighbour.c:1623 neighoutput include/net/neighbour.h:546 [inline] ipfinishoutput2+0x740/0x840 net/ipv4/ipoutput.c:228 ipfinishoutput+0xf4/0x240 net/ipv4/ipoutput.c:316 NFHOOKCOND include/linux/netfilter.h:291 [inline] ipoutput+0xe5/0x1b0 net/ipv4/ipoutput.c:430 dstoutput include/net/dst.h:444 [inline] iplocalout+0x64/0x80 net/ipv4/ipoutput.c:126 iptunnelxmit+0x34a/0x4b0 net/ipv4/iptunnelcore.c:82 iptunnelxmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __grexmit net/ipv4/ipgre.c:469 [inline] ipgrexmit+0x516/0x570 net/ipv4/ipgre.c:661 __netdevstartxmit include/linux/netdevice.h:4881 [inline] netdevstartxmit include/linux/netdevice.h:4895 [inline] xmitone net/core/dev.c:3580 [inline] devhardstartxmit+0x127/0x400 net/core/dev.c:3596 __devqueuexmit+0x1007/0x1eb0 net/core/dev.c:4246 devqueuexmit include/linux/netdevice.h:3051 [inline] neighdirectoutput+0x17/0x20 net/core/neighbour.c:1623 neighoutput include/net/neighbour.h:546 [inline] ipfinishoutput2+0x740/0x840 net/ipv4/ipoutput.c:228 ipfinishoutput+0xf4/0x240 net/ipv4/ipoutput.c:316 NFHOOKCOND include/linux/netfilter.h:291 [inline] ipoutput+0xe5/0x1b0 net/ipv4/ipoutput.c:430 dstoutput include/net/dst.h:444 [inline] iplocalout+0x64/0x80 net/ipv4/ipoutput.c:126 iptunnelxmit+0x34a/0x4b0 net/ipv4/iptunnelcore.c:82 iptunnelxmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __grexmit net/ipv4/ipgre.c:469 [inline] ipgrexmit+0x516/0x570 net/ipv4/ipgre.c:661 __netdevstartxmit include/linux/netdevice.h:4881 [inline] netdevstartxmit include/linux/netdevice.h:4895 [inline] xmitone net/core/dev.c:3580 [inline] devhardstartxmit+0x127/0x400 net/core/dev.c:3596 __devqueuexmit+0x1007/0x1eb0 net/core/dev.c:4246 devqueuexmit include/linux/netdevice.h:3051 [inline] neighdirectoutput+0x17/0x20 net/core/neighbour.c:1623 neighoutput include/net/neighbour.h:546 [inline] ipfinishoutput2+0x740/0x840 net/ipv4/ipoutput.c:228 ipfinishoutput+0xf4/0x240 net/ipv4/ipoutput.c:316 NFHOOKCOND include/linux/netfilter.h:291 [inline] ipoutput+0xe5/0x1b0 net/i ---truncated---

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53109.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8eb30be0352d09165e94a41fef1c7b994dca0714
Fixed
8e206f66d824b3b28a7f9ee1366dfc79a937bb46
Fixed
51f3bd3765bc5ca4583af07a00833da00d2ace1d
Fixed
5aaab217c8f5387b9c5fff9e940d80f135e04366
Fixed
be59b87ee4aed81db7c10e44f603866a0ac3ca5d
Fixed
e0a557fc1daf5c1086e47150a4571aebadbb62be
Fixed
a69b72b57b7d269e833e520ba7500d556e8189b6
Fixed
9b86a8702b042ee4e15d2d46375be873a6a8834f
Fixed
4b397c06cb987935b1b097336532aa6b4210e091

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53109.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.7.0
Fixed
4.14.311
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.279
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.238
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.176
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.104
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.21
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.2.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53109.json"