CVE-2023-54218
Description
In the Linux kernel, the following vulnerability has been resolved:
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
KCSAN found a data race in sock_recv_cmsgs() where the read access to sk->sk_stamp needs READ_ONCE().
BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg

write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
 sock_write_timestamp include/net/sock.h:2670 [inline]
 sock_recv_cmsgs include/net/sock.h:2722 [inline]
 packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0x11a/0x130 net/socket.c:1040
 sock_read_iter+0x176/0x220 net/socket.c:1118
 call_read_iter include/linux/fs.h:1845 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5e0/0x630 fs/read_write.c:470
 ksys_read+0x163/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:
 sock_recv_cmsgs include/net/sock.h:2721 [inline]
 packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489
 sock_recvmsg_nosec net/socket.c:1019 [inline]
 sock_recvmsg+0x11a/0x130 net/socket.c:1040
 sock_read_iter+0x176/0x220 net/socket.c:1118
 call_read_iter include/linux/fs.h:1845 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5e0/0x630 fs/read_write.c:470
 ksys_read+0x163/0x1a0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __x64_sys_read+0x41/0x50 fs/read_write.c:621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0xffffffffc4653600 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A data race in the Linux kernel's sock_recv_cmsgs() function leads to load-tearing on sk->sk_stamp, potentially causing incorrect timestamps.
Vulnerability
A data race was discovered in the Linux kernel's sock_recv_cmsgs() function, where the read access to sk->sk_stamp is performed without using READ_ONCE(). This can result in load-tearing, where the value read is a torn combination of concurrent writes. The issue was detected by the Kernel Concurrency Sanitizer (KCSAN) and affects the packet_recvmsg path in net/packet/af_packet.c [1].
Attack Vector
The race occurs between two concurrent packet_recvmsg calls: one writing the timestamp via sock_write_timestamp and another reading it in sock_recv_cmsgs. No special privileges are required; any local user able to trigger AF_PACKET socket operations on the same socket can potentially exploit this race [2].
Impact
Load-tearing can cause the timestamp value to be a corrupted blend of old and new values, leading to incorrect timestamps in received messages. This may affect applications relying on accurate packet timestamps, such as network monitoring or time-sensitive protocols. While not directly leading to code execution, it can result in denial of service or data integrity issues [3].
Mitigation
The fix, already merged into the Linux kernel, ensures the read uses READ_ONCE() to prevent load-tearing. The patches are available in the stable kernel repositories referenced below. Users are advised to update to the latest stable kernels that include these commits.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
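The tearing that READ_ONCE() prevents, shown as an added example (not code from the kernel or from this CVE's patches): a deterministic, single-threaded model that replays the report's value change 0xffffffffc4653600 -> 0 across a 64-bit load split into two halves. `struct sock_model`, `plain_read_torn` and `marked_read` are hypothetical names, the macros are simplified userspace stand-ins for the kernel's, and a 64-bit build is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace stand-ins for the kernel macros (assumption). */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Kernel's initial sk_stamp: -1 s in ns = 0xffffffffc4653600 (old value in the report). */
#define SK_DEFAULT_STAMP (-1000000000LL)

struct sock_model { int64_t sk_stamp; };  /* hypothetical stand-in for struct sock */

/* Unmarked read: the compiler may split it into two 32-bit loads. The write
 * from the other CPU is modelled as landing between the two halves. */
static int64_t plain_read_torn(struct sock_model *sk, int64_t racing_write)
{
    uint32_t lo = (uint32_t)(uint64_t)sk->sk_stamp;          /* first half: old value */
    WRITE_ONCE(sk->sk_stamp, racing_write);                  /* concurrent writer */
    uint32_t hi = (uint32_t)((uint64_t)sk->sk_stamp >> 32);  /* second half: new value */
    return (int64_t)(((uint64_t)hi << 32) | lo);
}

/* Marked read: one full-width access, so the racing write lands either
 * entirely before or entirely after it (modelled here as after). */
static int64_t marked_read(struct sock_model *sk, int64_t racing_write)
{
    int64_t v = READ_ONCE(sk->sk_stamp);
    WRITE_ONCE(sk->sk_stamp, racing_write);
    return v;
}

int main(void)
{
    struct sock_model a = { SK_DEFAULT_STAMP }, b = { SK_DEFAULT_STAMP };
    printf("torn:   0x%016llx\n", (unsigned long long)plain_read_torn(&a, 0));
    printf("marked: 0x%016llx\n", (unsigned long long)marked_read(&b, 0));
    return 0;
}
```

The torn result mixes the low half of the old value with the high half of the new one, so it matches neither; the marked read returns the old value intact.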
Affected products
1
Patches
8
- fd28692fa182
- 564c3150ad35
- d7343f8de019
- d06f67b2b8dc
- de260d1e02cd
- 7145f2309d64
- 8319220054e5
- dfd9248c071a
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8
- git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7 (nvd)
- git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8 (nvd)
- git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b (nvd)
- git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8 (nvd)
- git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99 (nvd)
- git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8 (nvd)
- git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167 (nvd)
- git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245 (nvd)