Executive Summary

Informations
Name CVE-2023-53020 First vendor Publication 2025-03-27
Vendor Cve Last vendor Modification 2025-03-28

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

l2tp: close all race conditions in l2tp_tunnel_register()

The code in l2tp_tunnel_register() is racy in several ways:

1. It modifies the tunnel socket _after_ publishing it.

2. It calls setup_udp_tunnel_sock() on an existing socket without
locking.

3. It changes sock lock class on fly, which triggers many syzbot
reports.

This patch amends all of them by moving socket initialization code before publishing and under sock lock. As suggested by Jakub, the l2tp lockdep class is not necessary as we can just switch to bh_lock_sock_nested().

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53020

Sources (Detail)

https://git.kernel.org/stable/c/0b2c59720e65885a394a017d0cf9cab118914682
https://git.kernel.org/stable/c/2d77e5c0ad79004b5ef901895437e9cce6dfcc7e
https://git.kernel.org/stable/c/77e8ed776cdb1a24b2aab8fe7c6f1f154235e1ce
https://git.kernel.org/stable/c/cef0845b6dcfa2f6c2c832e7f9622551456c741d
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2025-03-31 13:20:36
  • Multiple Updates
2025-03-27 21:20:35
  • First insertion