CVE-2023-53839

Summary

In the Linux kernel, the following vulnerability has been resolved:

dccp: fix data-race around dp->dccps_mss_cache

dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt().

Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache after socket is locked.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < 162fa1e3cfb62aa780d7c40c8cccb6c2f8bef7c1affected
LinuxLinux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < 2bdc7f272b3a110a4e1fdee6c47c8d20f9b20817affected
LinuxLinux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < 67eebc7a9217f999b779d46fba5312a716f0dc1daffected
LinuxLinux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < 6d701c95ee6463abcbb6da543060d6e444554135affected
LinuxLinux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < f239c9e1d98b313435481b4926e8bdd06197e4d8affected
LinuxLinux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < a6ddc1c774874dc704f96a99d015dc759627bba7affected
LinuxLinux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < d1f38d313bdfc52fb2f662e66d0c60dd1cfe2384affected
LinuxLinux7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < a47e598fbd8617967e49d85c49c22f9fc642704caffected
LinuxLinux2.6.14affected
LinuxLinux0 < 2.6.14unaffected
LinuxLinux4.14.323 <= 4.14.*unaffected
LinuxLinux4.19.292 <= 4.19.*unaffected
LinuxLinux5.4.254 <= 5.4.*unaffected
LinuxLinux5.10.191 <= 5.10.*unaffected
LinuxLinux5.15.127 <= 5.15.*unaffected
LinuxLinux6.1.46 <= 6.1.*unaffected
LinuxLinux6.4.11 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References