In the Linux kernel, the following vulnerability has been resolved:

net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().

KCSAN found a data race in sock_recv_cmsgs() where the read access
to sk->sk_stamp needs READ_ONCE().

BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg

write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0:
sock_write_timestamp include/net/sock.h:2670 [inline]
sock_recv_cmsgs include/net/sock.h:2722 [inline]
packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg+0x11a/0x130 net/socket.c:1040
sock_read_iter+0x176/0x220 net/socket.c:1118
call_read_iter include/linux/fs.h:1845 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x5e0/0x630 fs/read_write.c:470
ksys_read+0x163/0x1a0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x41/0x50 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc

read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1:
sock_recv_cmsgs include/net/sock.h:2721 [inline]
packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg+0x11a/0x130 net/socket.c:1040
sock_read_iter+0x176/0x220 net/socket.c:1118
call_read_iter include/linux/fs.h:1845 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x5e0/0x630 fs/read_write.c:470
ksys_read+0x163/0x1a0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x41/0x50 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc

value changed: 0xffffffffc4653600 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
6c7c98bad4883a4a8710c96b2b44de482865eb6e affected < fd28692fa182d25e8d26bc1db506648839fde245
6c7c98bad4883a4a8710c96b2b44de482865eb6e affected < 564c3150ad357d571a0de7d8b644aa1f7e6e21b7
6c7c98bad4883a4a8710c96b2b44de482865eb6e affected < d7343f8de019ebb55b2b6ef79b971f6ceb361a99
6c7c98bad4883a4a8710c96b2b44de482865eb6e affected < d06f67b2b8dcd00d995c468428b6bccebc5762d8
6c7c98bad4883a4a8710c96b2b44de482865eb6e affected < de260d1e02cde39d317066835ee6e5234fc9f5a8
6c7c98bad4883a4a8710c96b2b44de482865eb6e affected < 7145f2309d649ad6273b9f66448321b9b4c523c8
6c7c98bad4883a4a8710c96b2b44de482865eb6e affected < 8319220054e5ea5f506d8d4c4b5e234f668ffc3b
6c7c98bad4883a4a8710c96b2b44de482865eb6e affected < dfd9248c071a3710c24365897459538551cb7167
Linux Linux affected
Version Status Constraints
4.12 affected
0 unaffected < 4.12
4.14.316 unaffected ≤ 4.14.*
4.19.284 unaffected ≤ 4.19.*
5.4.244 unaffected ≤ 5.4.*
5.10.181 unaffected ≤ 5.10.*
5.15.113 unaffected ≤ 5.15.*
6.1.30 unaffected ≤ 6.1.*
6.3.4 unaffected ≤ 6.3.*
6.4 unaffected ≤ *

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/564c3150ad357d571a0de7d8b644aa1f7e6e21b7 cve-icon cve-icon
https://git.kernel.org/stable/c/7145f2309d649ad6273b9f66448321b9b4c523c8 cve-icon cve-icon
https://git.kernel.org/stable/c/8319220054e5ea5f506d8d4c4b5e234f668ffc3b cve-icon cve-icon
https://git.kernel.org/stable/c/d06f67b2b8dcd00d995c468428b6bccebc5762d8 cve-icon cve-icon
https://git.kernel.org/stable/c/d7343f8de019ebb55b2b6ef79b971f6ceb361a99 cve-icon cve-icon
https://git.kernel.org/stable/c/de260d1e02cde39d317066835ee6e5234fc9f5a8 cve-icon cve-icon
https://git.kernel.org/stable/c/dfd9248c071a3710c24365897459538551cb7167 cve-icon cve-icon
https://git.kernel.org/stable/c/fd28692fa182d25e8d26bc1db506648839fde245 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025123026-CVE-2023-54218-840c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-54218 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-54218 cve-icon
History

Thu, 01 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Tue, 30 Dec 2025 12:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). KCSAN found a data race in sock_recv_cmsgs() where the read access to sk->sk_stamp needs READ_ONCE(). BUG: KCSAN: data-race in packet_recvmsg / packet_recvmsg write (marked) to 0xffff88803c81f258 of 8 bytes by task 19171 on cpu 0: sock_write_timestamp include/net/sock.h:2670 [inline] sock_recv_cmsgs include/net/sock.h:2722 [inline] packet_recvmsg+0xb97/0xd00 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:1019 [inline] sock_recvmsg+0x11a/0x130 net/socket.c:1040 sock_read_iter+0x176/0x220 net/socket.c:1118 call_read_iter include/linux/fs.h:1845 [inline] new_sync_read fs/read_write.c:389 [inline] vfs_read+0x5e0/0x630 fs/read_write.c:470 ksys_read+0x163/0x1a0 fs/read_write.c:613 __do_sys_read fs/read_write.c:623 [inline] __se_sys_read fs/read_write.c:621 [inline] __x64_sys_read+0x41/0x50 fs/read_write.c:621 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc read to 0xffff88803c81f258 of 8 bytes by task 19183 on cpu 1: sock_recv_cmsgs include/net/sock.h:2721 [inline] packet_recvmsg+0xb64/0xd00 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:1019 [inline] sock_recvmsg+0x11a/0x130 net/socket.c:1040 sock_read_iter+0x176/0x220 net/socket.c:1118 call_read_iter include/linux/fs.h:1845 [inline] new_sync_read fs/read_write.c:389 [inline] vfs_read+0x5e0/0x630 fs/read_write.c:470 ksys_read+0x163/0x1a0 fs/read_write.c:613 __do_sys_read fs/read_write.c:623 [inline] __se_sys_read fs/read_write.c:621 [inline] __x64_sys_read+0x41/0x50 fs/read_write.c:621 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x72/0xdc value changed: 0xffffffffc4653600 -> 0x0000000000000000 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 19183 Comm: syz-executor.5 Not tainted 6.3.0-rc7-02330-gca6270c12e20 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Title net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-12-30T12:11:14.059Z

Reserved: 2025-12-30T12:06:44.501Z

Link: CVE-2023-54218

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-12-30T13:16:10.067

Modified: 2025-12-31T20:42:43.210

Link: CVE-2023-54218

cve-icon Redhat

Severity : Low

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2023-54218 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.