CVE-2023-53121

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: tcp_make_synack() can be called from process context

tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context").

tcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU variables with preemption enabled. This causes the following BUG:

BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464
caller is tcp_make_synack+0x841/0xac0
Call Trace:
 <TASK>
 dump_stack_lvl+0x10d/0x1a0
 check_preemption_disabled+0x104/0x110
 tcp_make_synack+0x841/0xac0
 tcp_v6_send_synack+0x5c/0x450
 tcp_rtx_synack+0xeb/0x1f0
 inet_rtx_syn_ack+0x34/0x60
 tcp_check_req+0x3af/0x9e0
 tcp_rcv_state_process+0x59b/0x2030
 tcp_v6_do_rcv+0x5f5/0x700
 release_sock+0x3a/0xf0
 tcp_sendmsg+0x33/0x40
 ____sys_sendmsg+0x2f2/0x490
 __sys_sendmsg+0x184/0x230
 do_syscall_64+0x3d/0x90

Avoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use TCP_INC_STATS() which is safe to be called from context switch.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8336886f786fdacbc19b719c1f7ea91eb70706d4 < d493d4fe88195a144d6a277a90062a7534ed2192affected
LinuxLinux8336886f786fdacbc19b719c1f7ea91eb70706d4 < e23ca307745be3df7fe9762f3e2a7e311a57852eaffected
LinuxLinux8336886f786fdacbc19b719c1f7ea91eb70706d4 < 442aa78ed70188b21ccd8669738448702c0a3281affected
LinuxLinux8336886f786fdacbc19b719c1f7ea91eb70706d4 < 77ad58bca0119e8cc3e0e9d91a3f22caa66e4dfaaffected
LinuxLinux8336886f786fdacbc19b719c1f7ea91eb70706d4 < ad07290d63ff6689f50565b02f5b6f34ec15a5caaffected
LinuxLinux8336886f786fdacbc19b719c1f7ea91eb70706d4 < 9180aa4622a720b433e842b4d3aa34d73eec577aaffected
LinuxLinux8336886f786fdacbc19b719c1f7ea91eb70706d4 < 7613cde8c0c1f02a7ec2e1d536c01b65b135fc1caffected
LinuxLinux8336886f786fdacbc19b719c1f7ea91eb70706d4 < bced3f7db95ff2e6ca29dc4d1c9751ab5e736a09affected
LinuxLinux3.7affected
LinuxLinux0 < 3.7unaffected
LinuxLinux4.14.311 <= 4.14.*unaffected
LinuxLinux4.19.279 <= 4.19.*unaffected
LinuxLinux5.4.238 <= 5.4.*unaffected
LinuxLinux5.10.176 <= 5.10.*unaffected
LinuxLinux5.15.104 <= 5.15.*unaffected
LinuxLinux6.1.21 <= 6.1.*unaffected
LinuxLinux6.2.8 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References