VYPR
Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Apr 15, 2026

CVE-2023-53853

Description

In the Linux kernel, the following vulnerability has been resolved:

netlink: annotate accesses to nlk->cb_running

Both netlink_recvmsg() and netlink_native_seq_show() read nlk->cb_running locklessly. Use READ_ONCE() there.

Add corresponding WRITE_ONCE() to netlink_dump() and __netlink_dump_start()

syzbot reported:

BUG: KCSAN: data-race in __netlink_dump_start / netlink_recvmsg

write to 0xffff88813ea4db59 of 1 bytes by task 28219 on cpu 0:
 __netlink_dump_start+0x3af/0x4d0 net/netlink/af_netlink.c:2399
 netlink_dump_start include/linux/netlink.h:308 [inline]
 rtnetlink_rcv_msg+0x70f/0x8c0 net/core/rtnetlink.c:6130
 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2577
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6192
 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
 netlink_unicast+0x56f/0x640 net/netlink/af_netlink.c:1365
 netlink_sendmsg+0x665/0x770 net/netlink/af_netlink.c:1942
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 sock_write_iter+0x1aa/0x230 net/socket.c:1138
 call_write_iter include/linux/fs.h:1851 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x463/0x760 fs/read_write.c:584
 ksys_write+0xeb/0x1a0 fs/read_write.c:637
 __do_sys_write fs/read_write.c:649 [inline]
 __se_sys_write fs/read_write.c:646 [inline]
 __x64_sys_write+0x42/0x50 fs/read_write.c:646
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff88813ea4db59 of 1 bytes by task 28222 on cpu 1:
 netlink_recvmsg+0x3b4/0x730 net/netlink/af_netlink.c:2022
 sock_recvmsg_nosec+0x4c/0x80 net/socket.c:1017
 ____sys_recvmsg+0x2db/0x310 net/socket.c:2718
 ___sys_recvmsg net/socket.c:2762 [inline]
 do_recvmmsg+0x2e5/0x710 net/socket.c:2856
 __sys_recvmmsg net/socket.c:2935 [inline]
 __do_sys_recvmmsg net/socket.c:2958 [inline]
 __se_sys_recvmmsg net/socket.c:2951 [inline]
 __x64_sys_recvmmsg+0xe2/0x160 net/socket.c:2951
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00 -> 0x01

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A data race in the Linux kernel's netlink subsystem, where nlk->cb_running is accessed without proper locking, leading to undefined behavior.

Vulnerability

CVE-2023-53853 is a data race vulnerability in the Linux kernel's netlink subsystem. The issue occurs because the nlk->cb_running field is accessed without proper synchronization in netlink_recvmsg() and netlink_native_seq_show(), while being written in netlink_dump() and __netlink_dump_start(). This lack of atomic or locked access can lead to undefined behavior, as reported by syzbot [1].

Exploitation

An attacker can trigger this race condition by sending a crafted netlink message that initiates a dump operation while simultaneously reading from the same socket. The attack requires the ability to send netlink messages and receive responses, which typically means local access or the ability to interact with netlink sockets from a container or user namespace. No special privileges are needed beyond the ability to open netlink sockets [1].

Impact

Successful exploitation could lead to a kernel crash (denial of service) or potentially other undefined behavior due to the data race. The race condition can cause the kernel to read stale or inconsistent values of cb_running, leading to incorrect control flow in dump operations [1].

Mitigation

The fix involves using READ_ONCE() and WRITE_ONCE() macros to ensure that all accesses to nlk->cb_running are properly annotated, preventing the compiler from reordering or caching the value. The patch has been applied to the stable kernel tree [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
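
The annotation pattern from the description, shown as an added userspace C model (not the kernel's code and not part of the original advisory): writers update the flag under a lock with WRITE_ONCE(), the lockless reader uses READ_ONCE() and treats the value only as a hint that is re-checked under the lock. The struct model_sock type, its lock and chunks_left fields, and the model_* functions are hypothetical names, and the macros are simplified stand-ins for the kernel's.

```c
#include <pthread.h>
#include <stdbool.h>

/* Userspace stand-ins for the kernel macros: the volatile access stops the
 * compiler from caching, merging or repeating the load or store. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

struct model_sock {            /* hypothetical stand-in for struct netlink_sock */
    pthread_mutex_t lock;      /* assumed: serialises the writers */
    bool cb_running;           /* written under lock, read without it */
    int chunks_left;           /* constructed dump state */
};

/* Writer, models __netlink_dump_start(): 0 on success, -1 if refused. */
int model_dump_start(struct model_sock *s, int chunks)
{
    int err = -1;
    pthread_mutex_lock(&s->lock);
    if (chunks > 0 && !s->cb_running) {  /* plain read: lock excludes writers */
        s->chunks_left = chunks;
        WRITE_ONCE(s->cb_running, true); /* pairs with the lockless reader */
        err = 0;
    }
    pthread_mutex_unlock(&s->lock);
    return err;
}

/* Writer, models netlink_dump(): returns chunks left, or -1 if no dump. */
int model_dump(struct model_sock *s)
{
    int ret = -1;
    pthread_mutex_lock(&s->lock);
    if (s->cb_running) {                 /* authoritative re-check under lock */
        ret = --s->chunks_left;
        if (ret == 0)
            WRITE_ONCE(s->cb_running, false);
    }
    pthread_mutex_unlock(&s->lock);
    return ret;
}

/* Lockless reader, models netlink_recvmsg(): the flag is only a hint. */
int model_recv(struct model_sock *s)
{
    if (!READ_ONCE(s->cb_running))
        return -2;                       /* no dump in progress */
    return model_dump(s);
}
```

Because model_dump() re-reads the flag with the lock held, a stale value seen by model_recv() costs at most one skipped or refused continuation, never an update to dump state without the lock.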

Affected products

2
  • Linux/Kernel (inferred), 2 versions
    • (no CPE)
    • (no CPE)

Patches

8

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

8
