CVE-2023-53020

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53020
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53020.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53020
Downstream
Related
Published
2025-03-27T16:43:47.151Z
Modified
2026-03-20T12:32:55.215101Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
l2tp: close all race conditions in l2tp_tunnel_register()
Details

In the Linux kernel, the following vulnerability has been resolved:

l2tp: close all race conditions in l2tptunnelregister()

The code in l2tptunnelregister() is racy in several ways:

  1. It modifies the tunnel socket after publishing it.

  2. It calls setupudptunnel_sock() on an existing socket without locking.

  3. It changes sock lock class on fly, which triggers many syzbot reports.

This patch amends all of them by moving socket initialization code before publishing and under sock lock. As suggested by Jakub, the l2tp lockdep class is not necessary as we can just switch to bhlocksock_nested().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53020.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
37159ef2c1ae1e696b24b260b241209a19f92c60
Fixed
2d77e5c0ad79004b5ef901895437e9cce6dfcc7e
Fixed
77e8ed776cdb1a24b2aab8fe7c6f1f154235e1ce
Fixed
cef0845b6dcfa2f6c2c832e7f9622551456c741d
Fixed
0b2c59720e65885a394a017d0cf9cab118914682

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53020.json"