Fluid Attacks Database

Description

A data race was found in the Linux kernel's networking subsystem. In sock_recv_cmsgs(), the sk->sk_stamp field is read without using READ_ONCE(), while it can be concurrently written by another thread. This load-tearing issue was detected by KCSAN (Kernel Concurrency Sanitizer) during packet socket receive operations.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	linux	=6.1.27-1 \|\| >=0 <6.1.37-1	6.1.37-1
debian 11	linux	=5.10.103-1 \|\| =5.10.103-1~bpo10+1 \|\| =5.10.106-1 \|\| =5.10.113-1 \|\| =5.10.120-1 \|\| =5.10.120-1~bpo10+1 \|\| =5.10.127-1 \|\| =5.10.127-2 \|\| =5.10.127-2~bpo10+1 \|\| =5.10.136-1 \|\| =5.10.140-1 \|\| =5.10.148-1 \|\| =5.10.149-1 \|\| =5.10.149-2 \|\| =5.10.158-1 \|\| =5.10.158-2 \|\| =5.10.162-1 \|\| =5.10.178-1 \|\| =5.10.178-2 \|\| =5.10.178-3 \|\| =5.10.179-1 \|\| =5.10.179-2 \|\| =5.10.179-3 \|\| =5.10.179-4 \|\| =5.10.179-5 \|\| =5.10.46-4 \|\| =5.10.46-5 \|\| =5.10.70-1 \|\| =5.10.70-1~bpo10+1 \|\| =5.10.84-1 \|\| =5.10.92-1 \|\| =5.10.92-1~bpo10+1 \|\| =5.10.92-2 \|\| >=0 <5.10.191-1	5.10.191-1
debian 13	linux	>=0 <6.3.7-1	6.3.7-1
debian 14	linux	>=0 <6.3.7-1	6.3.7-1
rpm rhel6	kernel	-	-
rpm rhel8	kernel	-	-
rpm rhel9	kernel	-	-
rpm rhel8	kernel-rt	-	-
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-542182. NVD-2023-542183. OSV-DEBIAN-2023-542184. OSV-2023-542185. SECURITY-TRACKER-CVE-2023-54218

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.