CVE-2023-53825
中文标题:
(暂无数据)
英文标题:
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
漏洞描述
中文描述:
(暂无数据)
英文描述:
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by updating kcm_tx_msg(head)->last_skb if partial data is copied so that the following sendmsg() will resume from the skb. However, we cannot know how many bytes were copied when we get the error. Thus, we could mess up the MSG_MORE queue. When kcm_sendmsg() fails for SOCK_DGRAM, we should purge the queue as we do so for UDP by udp_flush_pending_frames(). Even without this change, when the error occurred, the following sendmsg() resumed from a wrong skb and the queue was messed up. However, we have yet to get such a report, and only syzkaller stumbled on it. So, this can be changed safely. Note this does not change SOCK_SEQPACKET behaviour.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Linux | Linux | - | < 21b467735b0888a8daa048f83d3b9b50fdab71ce | - |
cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*
|
| Linux | Linux | 4.6 | - | - |
cpe:2.3:a:linux:linux:4.6:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
NOT_EXTRACTED
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-53825 |
2025-12-09 02:14:37 | 2026-01-12 02:08:59 |
| NVD | nvd_CVE-2023-53825 |
2025-12-10 04:21:16 | 2026-01-12 02:26:59 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 9 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']