CVE-2023-53686

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53686
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53686.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53686
Downstream
Related
Published
2025-10-07T15:21:38.824Z
Modified
2026-02-21T09:14:58.312080Z
Summary
net/handshake: fix null-ptr-deref in handshake_nl_done_doit()
Details

In the Linux kernel, the following vulnerability has been resolved:

net/handshake: fix null-ptr-deref in handshakenldone_doit()

We should not call tracehandshakecmddoneerr() if socket lookup has failed.

Also we should call tracehandshakecmddoneerr() before releasing the file, otherwise dereferencing sock->sk can return garbage.

This also reverts 7afc6d0a107f ("net/handshake: Fix uninitialized local variable")

Unable to handle kernel paging request at virtual address dfff800000000003 KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [dfff800000000003] address between user and kernel address ranges Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : handshakenldonedoit+0x198/0x9c8 net/handshake/netlink.c:193 lr : handshakenldonedoit+0x180/0x9c8 sp : ffff800096e37180 x29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000 x26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8 x23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000 x20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000 x17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001 x14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003 x8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078 x2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000 Call trace: handshakenldonedoit+0x198/0x9c8 net/handshake/netlink.c:193 genlfamilyrcvmsgdoit net/netlink/genetlink.c:970 [inline] genlfamilyrcvmsg net/netlink/genetlink.c:1050 [inline] genlrcvmsg+0x96c/0xc50 net/netlink/genetlink.c:1067 netlinkrcvskb+0x214/0x3c4 net/netlink/afnetlink.c:2549 genlrcv+0x38/0x50 net/netlink/genetlink.c:1078 netlinkunicastkernel net/netlink/afnetlink.c:1339 [inline] netlinkunicast+0x660/0x8d4 net/netlink/afnetlink.c:1365 netlinksendmsg+0x834/0xb18 net/netlink/afnetlink.c:1914 socksendmsgnosec net/socket.c:725 [inline] socksendmsg net/socket.c:748 [inline] _syssendmsg+0x56c/0x840 net/socket.c:2494 syssendmsg net/socket.c:2548 [inline] _syssendmsg+0x26c/0x33c net/socket.c:2577 _dosyssendmsg net/socket.c:2586 [inline] _sesyssendmsg net/socket.c:2584 [inline] _arm64syssendmsg+0x80/0x94 net/socket.c:2584 _invokesyscall arch/arm64/kernel/syscall.c:37 [inline] invokesyscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51 el0svccommon+0x130/0x23c arch/arm64/kernel/syscall.c:136 doel0svc+0x48/0x58 arch/arm64/kernel/syscall.c:155 el0svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678 el0t64synchandler+0x84/0xfc arch/arm64/kernel/entry-common.c:696 el0t64sync+0x190/0x194 arch/arm64/kernel/entry.S:591 Code: 12800108 b90043e8 910062b3 d343fe68 (387b6908)

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53686.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3b3009ea8abb713b022d94fba95ec270cf6e7eae
Fixed
93d69f18edcca282351394c5870bec24cc99d745
Fixed
82ba0ff7bf0483d962e592017bef659ae022d754

Affected versions

v6.*
v6.3
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.2
v6.5.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53686.json"
vanir_signatures 
[
    {
        "id": "CVE-2023-53686-1d935a52",
        "target": {
            "function": "handshake_nl_done_doit",
            "file": "net/handshake/netlink.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@93d69f18edcca282351394c5870bec24cc99d745",
        "digest": {
            "function_hash": "980227747478651685649537490773036381",
            "length": 805.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53686-566d4bbd",
        "target": {
            "function": "handshake_nl_done_doit",
            "file": "net/handshake/netlink.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@82ba0ff7bf0483d962e592017bef659ae022d754",
        "digest": {
            "function_hash": "980227747478651685649537490773036381",
            "length": 805.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53686-5b3fdf4b",
        "target": {
            "file": "net/handshake/netlink.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@93d69f18edcca282351394c5870bec24cc99d745",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "208720923554512165762367242913706250058",
                "236148329588056445113718911920789642904",
                "140608666145904731029549654317482992837",
                "174672758762829822004985272154503381190",
                "133307976552353033145875391671325969954",
                "170409101039787525264069990165054857115",
                "203544341813890616586608310861015991643",
                "101469798279700203529076404990097667176",
                "181964762258658293988689995639363536399",
                "322395392954427080536059256202836554387",
                "39948716920767008959126946608036224302",
                "187840913028549252431967203722896952222",
                "125552078859191545367941344950217300909",
                "121369259905019013389301371365246629521",
                "120154397558074745200190265920119000501",
                "155863113179777593688297124197974771862",
                "70577557761794057342810401666167711952",
                "304370456389278362385547382602436340537",
                "293725931861664482233485733436764392592",
                "230327064617876284528785403072807096201",
                "276689838303397044980795524889798978745",
                "88349978297431752587105939092195609677",
                "89718011819852926055228363870383010187",
                "4539629686034675437996654207339898840",
                "198466892987831586234187882974170764335",
                "275278422006192060167685483342255455019"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53686-b35c8817",
        "target": {
            "file": "net/handshake/netlink.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@82ba0ff7bf0483d962e592017bef659ae022d754",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "208720923554512165762367242913706250058",
                "236148329588056445113718911920789642904",
                "140608666145904731029549654317482992837",
                "174672758762829822004985272154503381190",
                "133307976552353033145875391671325969954",
                "170409101039787525264069990165054857115",
                "203544341813890616586608310861015991643",
                "101469798279700203529076404990097667176",
                "181964762258658293988689995639363536399",
                "322395392954427080536059256202836554387",
                "39948716920767008959126946608036224302",
                "187840913028549252431967203722896952222",
                "125552078859191545367941344950217300909",
                "121369259905019013389301371365246629521",
                "120154397558074745200190265920119000501",
                "155863113179777593688297124197974771862",
                "70577557761794057342810401666167711952",
                "304370456389278362385547382602436340537",
                "293725931861664482233485733436764392592",
                "230327064617876284528785403072807096201",
                "276689838303397044980795524889798978745",
                "88349978297431752587105939092195609677",
                "89718011819852926055228363870383010187",
                "4539629686034675437996654207339898840",
                "198466892987831586234187882974170764335",
                "275278422006192060167685483342255455019"
            ]
        },
        "signature_type": "Line"
    }
]

Git / github.com/gregkh/linux

Affected ranges

Type
GIT
Repo
https://github.com/gregkh/linux
Events
Introduced
6995e2de6891c724bfeb2db33d7b87775f913ad1
Fixed
2ba0babe7865cd5f4fac3d76ad15d9b6131bd283

Affected versions

v6.*
v6.4
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.2
v6.5.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53686.json"