{"id":"CVE-2023-53204","summary":"af_unix: Fix data-races around user-\u003eunix_inflight.","details":"In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data-races around user-\u003eunix_inflight.\n\nuser-\u003eunix_inflight is changed under spin_lock(unix_gc_lock),\nbut too_many_unix_fds() reads it locklessly.\n\nLet's annotate the write/read accesses to user-\u003eunix_inflight.\n\nBUG: KCSAN: data-race in unix_attach_fds / unix_inflight\n\nwrite to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1:\n unix_inflight+0x157/0x180 net/unix/scm.c:66\n unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123\n unix_scm_to_skb net/unix/af_unix.c:1827 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950\n unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]\n unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292\n sock_sendmsg_nosec net/socket.c:725 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:748\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2548\n __sys_sendmsg+0x94/0x140 net/socket.c:2577\n __do_sys_sendmsg net/socket.c:2586 [inline]\n __se_sys_sendmsg net/socket.c:2584 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nread to 0xffffffff8546f2d0 of 8 bytes by task 44814 on cpu 0:\n too_many_unix_fds net/unix/scm.c:101 [inline]\n unix_attach_fds+0x54/0x1e0 net/unix/scm.c:110\n unix_scm_to_skb net/unix/af_unix.c:1827 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950\n unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]\n unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292\n sock_sendmsg_nosec net/socket.c:725 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:748\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2548\n __sys_sendmsg+0x94/0x140 net/socket.c:2577\n __do_sys_sendmsg net/socket.c:2586 [inline]\n __se_sys_sendmsg net/socket.c:2584 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nvalue changed: 0x000000000000000c -\u003e 0x000000000000000d\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 44814 Comm: systemd-coredum Not tainted 6.4.0-11989-g6843306689af #6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014","modified":"2026-04-02T09:43:47.964625Z","published":"2025-09-15T14:21:32.696Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4189-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53204.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03d133dfbcec9d439729cc64706c7eb6d1663a24"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0bc36c0650b21df36fbec8136add83936eaf0607"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9151ed4b006125cba7c06c79df504340ea4e9386"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac92f239a079678a035c0faad9089354a874aede"},{"type":"WEB","url":"https://git.kernel.org/stable/c/adcf4e069358cdee8593663650ea447215a1c49e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b401d7e485b0a234cf8fe9a6ae99dbcd20863138"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b9cdbb38e030fc2fe97fe27b54cbb6b4fbff250f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df97b5ea9f3ac9308c3a633524dab382cd59d9e5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53204.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53204"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"712f4aad406bb1ed67f3f98d04c044191f0ff593"},{"fixed":"df97b5ea9f3ac9308c3a633524dab382cd59d9e5"},{"fixed":"03d133dfbcec9d439729cc64706c7eb6d1663a24"},{"fixed":"adcf4e069358cdee8593663650ea447215a1c49e"},{"fixed":"b401d7e485b0a234cf8fe9a6ae99dbcd20863138"},{"fixed":"9151ed4b006125cba7c06c79df504340ea4e9386"},{"fixed":"b9cdbb38e030fc2fe97fe27b54cbb6b4fbff250f"},{"fixed":"ac92f239a079678a035c0faad9089354a874aede"},{"fixed":"0bc36c0650b21df36fbec8136add83936eaf0607"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"a5a6cf8c405e826ff7ed1308dde72560c0ed4854"},{"last_affected":"df87da0783c4492b944badfea9d5c3c56b834697"},{"last_affected":"3d024dcef2548028e9f9b7876a544e6e0af00175"},{"last_affected":"aa51d1c24ec3b6605f7cc7ef500c96cd71d7ef90"},{"last_affected":"a5b9e44af8d3edaf49d14a91cc519a9fba439e67"},{"last_affected":"dc6b0ec667f67d4768e72c1b7f1bbc14ea52379c"},{"last_affected":"9b8b611fe0f86f07a4ff4a5f3bcb0ea7ceb7da3b"},{"last_affected":"5e226f9689d90ad8ab21b4a969ae3058777f0aff"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53204.json"}}],"schema_version":"1.7.5"}