Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-54006— af_unix: Fix data-race around unix_tot_inflight.

EPSS 0.05% · P15
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-54006

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
af_unix: Fix data-race around unix_tot_inflight.
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-race around unix_tot_inflight. unix_tot_inflight is changed under spin_lock(unix_gc_lock), but unix_release_sock() reads it locklessly. Let's use READ_ONCE() for unix_tot_inflight. Note that the writer side was marked by commit 9d6d7f1cb67c ("af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress") BUG: KCSAN: data-race in unix_inflight / unix_release_sock write (marked) to 0xffffffff871852b8 of 4 bytes by task 123 on cpu 1: unix_inflight+0x130/0x180 net/unix/scm.c:64 unix_attach_fds+0x137/0x1b0 net/unix/scm.c:123 unix_scm_to_skb net/unix/af_unix.c:1832 [inline] unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1955 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0x148/0x160 net/socket.c:747 ____sys_sendmsg+0x4e4/0x610 net/socket.c:2493 ___sys_sendmsg+0xc6/0x140 net/socket.c:2547 __sys_sendmsg+0x94/0x140 net/socket.c:2576 __do_sys_sendmsg net/socket.c:2585 [inline] __se_sys_sendmsg net/socket.c:2583 [inline] __x64_sys_sendmsg+0x45/0x50 net/socket.c:2583 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc read to 0xffffffff871852b8 of 4 bytes by task 4891 on cpu 0: unix_release_sock+0x608/0x910 net/unix/af_unix.c:671 unix_release+0x59/0x80 net/unix/af_unix.c:1058 __sock_release+0x7d/0x170 net/socket.c:653 sock_close+0x19/0x30 net/socket.c:1385 __fput+0x179/0x5e0 fs/file_table.c:321 ____fput+0x15/0x20 fs/file_table.c:349 task_work_run+0x116/0x1a0 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x174/0x180 kernel/entry/common.c:204 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline] syscall_exit_to_user_mode+0x1a/0x30 kernel/entry/common.c:297 do_syscall_64+0x4b/0x90 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x72/0xdc value changed: 0x00000000 -> 0x00000001 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 4891 Comm: systemd-coredum Not tainted 6.4.0-rc5-01219-gfa0e21fa4443 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于对共享变量的无锁访问,可能导致数据竞争。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 9305cfa4443dbfb99faf35c5603ec0c0e91b5ef8 ~ 31b46d5e7c4e295bd112960614a66a177a057dca -
LinuxLinux 2.6.24 -

II. Public POCs for CVE-2023-54006

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-54006

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-12-24 · 322 CVEs total

CVE-2022-50755udf: Avoid double brelse() in udf_rename()
CVE-2022-50765RISC-V: kexec: Fix memory leak of elf header buffer
CVE-2022-50764ipv6/sit: use DEV_STATS_INC() to avoid data-races
CVE-2022-50763crypto: marvell/octeontx - prevent integer overflows
CVE-2022-50762fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst()
CVE-2022-50760drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
CVE-2022-50761x86/xen: Fix memory leak in xen_init_lock_cpu()
CVE-2022-50759media: i2c: ov5648: Free V4L2 fwnode data on unbind
CVE-2022-50758staging: vt6655: fix potential memory leak
CVE-2022-50756nvme-pci: fix mempool alloc size
CVE-2022-50757media: camss: Clean up received buffers on failed start of streaming
CVE-2022-50749acct: fix potential integer overflow in encode_comp_t()
CVE-2022-50746erofs: validate the extent length for uncompressed pclusters
CVE-2022-50747hfs: Fix OOB Write in hfs_asc2mac
CVE-2022-50748ipc: mqueue: fix possible memory leak in init_mqueue_fs()
CVE-2022-50750drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
CVE-2022-50752md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
CVE-2022-50753f2fs: fix to do sanity check on summary info
CVE-2022-50754apparmor: fix a memleak in multi_transaction_new()
CVE-2022-50766btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer

Showing top 20 of 322 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2023-54006

No comments yet

Leave a comment