CVE-2023-53824
Description
In the Linux kernel, the following vulnerability has been resolved:
netlink: annotate lockless accesses to nlk->max_recvmsg_len
syzbot reported a data-race in data-race in netlink_recvmsg() [1]
Indeed, netlink_recvmsg() can be run concurrently, and netlink_dump() also needs protection.
[1] BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg
read to 0xffff888141840b38 of 8 bytes by task 23057 on cpu 0: netlink_recvmsg+0xea/0x730 net/netlink/af_netlink.c:1988 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg net/socket.c:1038 [inline] __sys_recvfrom+0x1ee/0x2e0 net/socket.c:2194 __do_sys_recvfrom net/socket.c:2212 [inline] __se_sys_recvfrom net/socket.c:2208 [inline] __x64_sys_recvfrom+0x78/0x90 net/socket.c:2208 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd
write to 0xffff888141840b38 of 8 bytes by task 23037 on cpu 1: netlink_recvmsg+0x114/0x730 net/netlink/af_netlink.c:1989 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg net/socket.c:1038 [inline] ____sys_recvmsg+0x156/0x310 net/socket.c:2720 ___sys_recvmsg net/socket.c:2762 [inline] do_recvmmsg+0x2e5/0x710 net/socket.c:2856 __sys_recvmmsg net/socket.c:2935 [inline] __do_sys_recvmmsg net/socket.c:2958 [inline] __se_sys_recvmmsg net/socket.c:2951 [inline] __x64_sys_recvmmsg+0xe2/0x160 net/socket.c:2951 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0x0000000000000000 -> 0x0000000000001000
Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 23037 Comm: syz-executor.2 Not tainted 6.3.0-rc4-syzkaller-00195-g5a57b48fdfcb #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A data race in the Linux kernel's netlink subsystem due to unsynchronized access to nlk->max_recvmsg_len can lead to unexpected behavior.
Vulnerability
CVE-2023-53824 is a data race vulnerability in the Linux kernel's netlink subsystem. The root cause is that the field nlk->max_recvmsg_len in the netlink socket structure is accessed without proper locking or atomic operations in the netlink_recvmsg() function. This allows concurrent reads and writes to the same memory location from different CPU cores, as demonstrated by the Kernel Concurrency Sanitizer (KCSAN) report [1].
Exploitation
The race condition occurs when multiple threads call netlink_recvmsg() simultaneously. The kernel's data sanitizer observed a read on one CPU while a write was performed on another CPU, with the value changing from 0 to 0x1000. Exploitation does not require any special privileges beyond the ability to create and use netlink sockets, which is available to unprivileged users in many configurations. An attacker could trigger the race by arranging for concurrent recvmsg calls on the same netlink socket.
Impact
A successful exploit could lead to a kernel data corruption, potentially causing a denial of service (system crash) or enabling an attacker to escalate privileges. The impact is considered moderate with a CVSS base score of 5.5 (medium severity) due to the requirement for local access and the potential for availability and confidentiality impacts.
Mitigation
The vulnerability was fixed in the Linux kernel by adding appropriate annotations for lockless access, ensuring the field max_recvmsg_len is read and written using atomic operations or under proper synchronization. Patches were applied to the stable kernel branches as referenced [1], [2]. Users are advised to update their kernels to the latest patched versions.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
505c9e3fc93b07cff4103be7ce3bcf2a77060fc4ba13013dda1865f2e7d10Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- git.kernel.org/stable/c/05c9e3fc93b02d18c3ab258d43350a6d44b40bbdnvd
- git.kernel.org/stable/c/7cff4103be7c402ecc3e7bf8f95a64089e3c91b8nvd
- git.kernel.org/stable/c/a1865f2e7d10dde00d35a2122b38d2e469ae67ednvd
- git.kernel.org/stable/c/e3bcf2a77060bea4d8d09cb09d92c7056f07df5anvd
- git.kernel.org/stable/c/fc4ba13013ddaea8b11b88fd52b35449e2d9cf85nvd
News mentions
0No linked articles in our index yet.