CVE-2023-54226

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-54226
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54226.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-54226
Downstream
Related
Published
2025-12-30T12:11:19.522Z
Modified
2026-04-02T09:45:41.744435Z
Summary
af_unix: Fix data races around sk->sk_shutdown.
Details

In the Linux kernel, the following vulnerability has been resolved:

afunix: Fix data races around sk->skshutdown.

KCSAN found a data race around sk->skshutdown where unixreleasesock() and unixshutdown() update it under unixstatelock(), OTOH unixpoll() and unixdgram_poll() read it locklessly.

We need to annotate the writes and reads with WRITEONCE() and READONCE().

BUG: KCSAN: data-race in unixpoll / unixrelease_sock

write to 0xffff88800d0f8aec of 1 bytes by task 264 on cpu 0: unixreleasesock+0x75c/0x910 net/unix/afunix.c:631 unixrelease+0x59/0x80 net/unix/af_unix.c:1042 __sockrelease+0x7d/0x170 net/socket.c:653 sockclose+0x19/0x30 net/socket.c:1397 __fput+0x179/0x5e0 fs/file_table.c:321 ____fput+0x15/0x20 fs/filetable.c:349 taskworkrun+0x116/0x1a0 kernel/taskwork.c:179 resumeusermode_work include/linux/resumeusermode.h:49 [inline] exittousermodeloop kernel/entry/common.c:171 [inline] exittousermodeprepare+0x174/0x180 kernel/entry/common.c:204 _syscallexittousermodework kernel/entry/common.c:286 [inline] syscallexittousermode+0x1a/0x30 kernel/entry/common.c:297 dosyscall64+0x4b/0x90 arch/x86/entry/common.c:86 entrySYSCALL64afterhwframe+0x72/0xdc

read to 0xffff88800d0f8aec of 1 bytes by task 222 on cpu 1: unixpoll+0xa3/0x2a0 net/unix/afunix.c:3170 sockpoll+0xcf/0x2b0 net/socket.c:1385 vfspoll include/linux/poll.h:88 [inline] epitempoll.isra.0+0x78/0xc0 fs/eventpoll.c:855 epsendevents fs/eventpoll.c:1694 [inline] eppoll fs/eventpoll.c:1823 [inline] doepoll_wait+0x6c4/0xea0 fs/eventpoll.c:2258 __dosysepoll_wait fs/eventpoll.c:2270 [inline] __sesysepoll_wait fs/eventpoll.c:2265 [inline] _x64sysepollwait+0xcc/0x190 fs/eventpoll.c:2265 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x3b/0x90 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x72/0xdc

value changed: 0x00 -> 0x03

Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 222 Comm: dbus-broker Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54226.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
1c488f4e95b498c977fbeae784983eb4cf6085e8
Fixed
196528ad484443627779540697f4fb0ef0e01c52
Fixed
8307e372e7445ec7d3cd2ff107ce5078eaa02815
Fixed
a41559ae3681975f1ced815d8d4c983b6b938499
Fixed
e410895892f99700ce54347d42c8dbe962eea9f4
Fixed
f237f79b63c9242450e6869adcd2c10445859f28
Fixed
e1d09c2c2f5793474556b60f83900e088d0d366d

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54226.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.12
Fixed
4.19.284
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.244
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.181
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.113
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.30
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.3.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54226.json"