DEBIAN-CVE-2023-53853

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53853

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53853.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53853

Upstream

CVE-2023-53853

Published

2025-12-09T16:17:25.933Z

Modified

2025-12-10T11:16:51.627020Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk->cbrunning Both netlinkrecvmsg() and netlinknativeseqshow() read nlk->cbrunning locklessly. Use READONCE() there. Add corresponding WRITEONCE() to netlink_dump() and __netlinkdumpstart() syzbot reported: BUG: KCSAN: data-race in __netlinkdumpstart / netlink_recvmsg write to 0xffff88813ea4db59 of 1 bytes by task 28219 on cpu 0: __netlinkdumpstart+0x3af/0x4d0 net/netlink/afnetlink.c:2399 netlinkdumpstart include/linux/netlink.h:308 [inline] rtnetlinkrcvmsg+0x70f/0x8c0 net/core/rtnetlink.c:6130 netlinkrcvskb+0x126/0x220 net/netlink/afnetlink.c:2577 rtnetlinkrcv+0x1c/0x20 net/core/rtnetlink.c:6192 netlinkunicastkernel net/netlink/afnetlink.c:1339 [inline] netlinkunicast+0x56f/0x640 net/netlink/afnetlink.c:1365 netlinksendmsg+0x665/0x770 net/netlink/afnetlink.c:1942 socksendmsgnosec net/socket.c:724 [inline] socksendmsg net/socket.c:747 [inline] sockwriteiter+0x1aa/0x230 net/socket.c:1138 callwriteiter include/linux/fs.h:1851 [inline] newsyncwrite fs/readwrite.c:491 [inline] vfswrite+0x463/0x760 fs/readwrite.c:584 ksyswrite+0xeb/0x1a0 fs/readwrite.c:637 __dosyswrite fs/read_write.c:649 [inline] __sesyswrite fs/read_write.c:646 [inline] __x64syswrite+0x42/0x50 fs/readwrite.c:646 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x41/0xc0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd read to 0xffff88813ea4db59 of 1 bytes by task 28222 on cpu 1: netlinkrecvmsg+0x3b4/0x730 net/netlink/afnetlink.c:2022 sockrecvmsg_nosec+0x4c/0x80 net/socket.c:1017 ____sys_recvmsg+0x2db/0x310 net/socket.c:2718 ___sysrecvmsg net/socket.c:2762 [inline] dorecvmmsg+0x2e5/0x710 net/socket.c:2856 __sys_recvmmsg net/socket.c:2935 [inline] __dosysrecvmmsg net/socket.c:2958 [inline] __sesysrecvmmsg net/socket.c:2951 [inline] __x64sysrecvmmsg+0xe2/0x160 net/socket.c:2951 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x41/0xc0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd value changed: 0x00 -> 0x01

References

https://security-tracker.debian.org/tracker/CVE-2023-53853

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.191-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

5.10.178-1

5.10.178-2

5.10.178-3

5.10.179-1

5.10.179-2

5.10.179-3

5.10.179-4

5.10.179-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53853.json"

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.37-1

Affected versions

6.*

6.1.27-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53853.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53853.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53853.json"