CVE-2023-53121 (GCVE-0-2023-53121)

Vulnerability from cvelistv5 – Published: 2025-05-02 15:55 – Updated: 2025-05-04 07:50
VLAI?
Title
tcp: tcp_make_synack() can be called from process context
Summary
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context"). tcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU variables with preemption enabled. This causes the following BUG: BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464 caller is tcp_make_synack+0x841/0xac0 Call Trace: <TASK> dump_stack_lvl+0x10d/0x1a0 check_preemption_disabled+0x104/0x110 tcp_make_synack+0x841/0xac0 tcp_v6_send_synack+0x5c/0x450 tcp_rtx_synack+0xeb/0x1f0 inet_rtx_syn_ack+0x34/0x60 tcp_check_req+0x3af/0x9e0 tcp_rcv_state_process+0x59b/0x2030 tcp_v6_do_rcv+0x5f5/0x700 release_sock+0x3a/0xf0 tcp_sendmsg+0x33/0x40 ____sys_sendmsg+0x2f2/0x490 __sys_sendmsg+0x184/0x230 do_syscall_64+0x3d/0x90 Avoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use TCP_INC_STATS() which is safe to be called from context switch.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 8336886f786fdacbc19b719c1f7ea91eb70706d4 , < d493d4fe88195a144d6a277a90062a7534ed2192 (git)
Affected: 8336886f786fdacbc19b719c1f7ea91eb70706d4 , < e23ca307745be3df7fe9762f3e2a7e311a57852e (git)
Affected: 8336886f786fdacbc19b719c1f7ea91eb70706d4 , < 442aa78ed70188b21ccd8669738448702c0a3281 (git)
Affected: 8336886f786fdacbc19b719c1f7ea91eb70706d4 , < 77ad58bca0119e8cc3e0e9d91a3f22caa66e4dfa (git)
Affected: 8336886f786fdacbc19b719c1f7ea91eb70706d4 , < ad07290d63ff6689f50565b02f5b6f34ec15a5ca (git)
Affected: 8336886f786fdacbc19b719c1f7ea91eb70706d4 , < 9180aa4622a720b433e842b4d3aa34d73eec577a (git)
Affected: 8336886f786fdacbc19b719c1f7ea91eb70706d4 , < 7613cde8c0c1f02a7ec2e1d536c01b65b135fc1c (git)
Affected: 8336886f786fdacbc19b719c1f7ea91eb70706d4 , < bced3f7db95ff2e6ca29dc4d1c9751ab5e736a09 (git)
Create a notification for this product.
    Linux Linux Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 4.14.311 , ≤ 4.14.* (semver)
Unaffected: 4.19.279 , ≤ 4.19.* (semver)
Unaffected: 5.4.238 , ≤ 5.4.* (semver)
Unaffected: 5.10.176 , ≤ 5.10.* (semver)
Unaffected: 5.15.104 , ≤ 5.15.* (semver)
Unaffected: 6.1.21 , ≤ 6.1.* (semver)
Unaffected: 6.2.8 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d493d4fe88195a144d6a277a90062a7534ed2192",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "e23ca307745be3df7fe9762f3e2a7e311a57852e",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "442aa78ed70188b21ccd8669738448702c0a3281",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "77ad58bca0119e8cc3e0e9d91a3f22caa66e4dfa",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "ad07290d63ff6689f50565b02f5b6f34ec15a5ca",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "9180aa4622a720b433e842b4d3aa34d73eec577a",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "7613cde8c0c1f02a7ec2e1d536c01b65b135fc1c",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            },
            {
              "lessThan": "bced3f7db95ff2e6ca29dc4d1c9751ab5e736a09",
              "status": "affected",
              "version": "8336886f786fdacbc19b719c1f7ea91eb70706d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.104",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.311",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.279",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.238",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.176",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.104",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.21",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.8",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: tcp_make_synack() can be called from process context\n\ntcp_rtx_synack() now could be called in process context as explained in\n0a375c822497 (\"tcp: tcp_rtx_synack() can be called from process\ncontext\").\n\ntcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU\nvariables with preemption enabled. This causes the following BUG:\n\n    BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464\n    caller is tcp_make_synack+0x841/0xac0\n    Call Trace:\n     \u003cTASK\u003e\n     dump_stack_lvl+0x10d/0x1a0\n     check_preemption_disabled+0x104/0x110\n     tcp_make_synack+0x841/0xac0\n     tcp_v6_send_synack+0x5c/0x450\n     tcp_rtx_synack+0xeb/0x1f0\n     inet_rtx_syn_ack+0x34/0x60\n     tcp_check_req+0x3af/0x9e0\n     tcp_rcv_state_process+0x59b/0x2030\n     tcp_v6_do_rcv+0x5f5/0x700\n     release_sock+0x3a/0xf0\n     tcp_sendmsg+0x33/0x40\n     ____sys_sendmsg+0x2f2/0x490\n     __sys_sendmsg+0x184/0x230\n     do_syscall_64+0x3d/0x90\n\nAvoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use\nTCP_INC_STATS() which is safe to be called from context switch."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:50:17.260Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d493d4fe88195a144d6a277a90062a7534ed2192"
        },
        {
          "url": "https://git.kernel.org/stable/c/e23ca307745be3df7fe9762f3e2a7e311a57852e"
        },
        {
          "url": "https://git.kernel.org/stable/c/442aa78ed70188b21ccd8669738448702c0a3281"
        },
        {
          "url": "https://git.kernel.org/stable/c/77ad58bca0119e8cc3e0e9d91a3f22caa66e4dfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad07290d63ff6689f50565b02f5b6f34ec15a5ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/9180aa4622a720b433e842b4d3aa34d73eec577a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7613cde8c0c1f02a7ec2e1d536c01b65b135fc1c"
        },
        {
          "url": "https://git.kernel.org/stable/c/bced3f7db95ff2e6ca29dc4d1c9751ab5e736a09"
        }
      ],
      "title": "tcp: tcp_make_synack() can be called from process context",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53121",
    "datePublished": "2025-05-02T15:55:58.123Z",
    "dateReserved": "2025-05-02T15:51:43.555Z",
    "dateUpdated": "2025-05-04T07:50:17.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.