CVE-2023-53825
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by updating kcm_tx_msg(head)->last_skb if partial data is copied so that the following sendmsg() will resume from the skb. However, we cannot know how many bytes were copied when we get the error. Thus, we could mess up the MSG_MORE queue. When kcm_sendmsg() fails for SOCK_DGRAM, we should purge the queue as we do so for UDP by udp_flush_pending_frames(). Even without this change, when the error occurred, the following sendmsg() resumed from a wrong skb and the queue was messed up. However, we have yet to get such a report, and only syzkaller stumbled on it. So, this can be changed safely. Note this does not change SOCK_SEQPACKET behaviour.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-07
AI Q&A
2025-12-10
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53825
EUVD
EUVD-2023-60171
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed in the Linux kernel by correcting error handling in kcm_sendmsg() for SOCK_DGRAM sockets. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix (commit c821a88bd720 or later).


Can you explain this vulnerability to me?

This vulnerability is a memory leak issue in the Linux kernel's kcm_sendmsg() function when handling SOCK_DGRAM sockets. Specifically, when an error occurs during sending a message, the function does not properly purge the message queue, which can cause the queue to become corrupted or 'messed up'. The problem arises because the code cannot determine how many bytes were copied before the error, leading to incorrect handling of the message queue. This issue was found by syzkaller and fixed by ensuring the queue is purged on error, similar to how UDP handles it.


How can this vulnerability impact me? :

The impact of this vulnerability is that the message queue for SOCK_DGRAM sockets in the kernel could become corrupted after an error in sending a message. This could potentially lead to unexpected behavior in applications relying on these sockets, such as message loss or incorrect message sequencing. However, there have been no reports of this issue causing problems in the wild, and it was primarily discovered through automated testing (syzkaller).


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart