CVE-2023-52578: net: bridge: use DEV_STATS_INC()

Published Mar 2, 2024

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use DEV_STATS_INC()

syzbot/KCSAN reported data-races in br_handle_frame_finish() [1]. This function can run from multiple cpus without mutual exclusion.

Adopt SMP safe DEV_STATS_INC() to update dev->stats fields.

Handles updates to dev->stats.tx_dropped while we are at it.

[1] BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:
    br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
    br_nf_hook_thresh+0x1ed/0x220
    br_nf_pre_routing_finish_ipv6+0x50f/0x540
    NF_HOOK include/linux/netfilter.h:304 [inline]
    br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
    br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
    nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
    nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
    br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
    __netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
    __netif_receive_skb_one_core net/core/dev.c:5521 [inline]
    __netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
    process_backlog+0x21f/0x380 net/core/dev.c:5965
    __napi_poll+0x60/0x3b0 net/core/dev.c:6527
    napi_poll net/core/dev.c:6594 [inline]
    net_rx_action+0x32b/0x750 net/core/dev.c:6727
    __do_softirq+0xc1/0x265 kernel/softirq.c:553
    run_ksoftirqd+0x17/0x20 kernel/softirq.c:921
    smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
    kthread+0x1d7/0x210 kernel/kthread.c:388
    ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
    ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:
    br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
    br_nf_hook_thresh+0x1ed/0x220
    br_nf_pre_routing_finish_ipv6+0x50f/0x540
    NF_HOOK include/linux/netfilter.h:304 [inline]
    br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
    br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
    nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
    nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
    br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
    __netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
    __netif_receive_skb_one_core net/core/dev.c:5521 [inline]
    __netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
    process_backlog+0x21f/0x380 net/core/dev.c:5965
    __napi_poll+0x60/0x3b0 net/core/dev.c:6527
    napi_poll net/core/dev.c:6594 [inline]
    net_rx_action+0x32b/0x750 net/core/dev.c:6727
    __do_softirq+0xc1/0x265 kernel/softirq.c:553
    do_softirq+0x5e/0x90 kernel/softirq.c:454
    __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381
    __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
    _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
    spin_unlock_bh include/linux/spinlock.h:396 [inline]
    batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356
    batadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560
    process_one_work kernel/workqueue.c:2630 [inline]
    process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
    worker_thread+0x525/0x730 kernel/workqueue.c:2784
    kthread+0x1d7/0x210 kernel/kthread.c:388
    ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
    ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

value changed: 0x00000000000d7190 -> 0x00000000000d7191

Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0
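
The race described in the commit message above, as a user-space C model. This is an added example, not the kernel patch and not code from the original page; `stats_model`, `stats_inc_plain`, `stats_inc_atomic`, `count_drops`, `NR_CPUS` and `FRAMES` are names and values assumed for illustration, with pthreads standing in for CPUs and a C11 atomic standing in for the SMP-safe increment.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define NR_CPUS 4        /* constructed: threads standing in for CPUs */
#define FRAMES  200000UL /* constructed: dropped frames counted per thread */

struct stats_model { atomic_ulong rx_dropped; }; /* stand-in for dev->stats */

/* Old pattern (dev->stats.rx_dropped++): the load and the store are separate
 * steps, so an increment landing between them is overwritten and lost. */
static void stats_inc_plain(struct stats_model *s)
{
    unsigned long v = atomic_load_explicit(&s->rx_dropped, memory_order_relaxed);
    atomic_store_explicit(&s->rx_dropped, v + 1, memory_order_relaxed);
}

/* Fixed pattern, modelling an SMP-safe increment: one atomic read-modify-write. */
static void stats_inc_atomic(struct stats_model *s)
{
    atomic_fetch_add_explicit(&s->rx_dropped, 1, memory_order_relaxed);
}

struct job { struct stats_model *s; void (*inc)(struct stats_model *); };

static void *worker(void *arg)
{
    struct job *j = arg;
    for (unsigned long i = 0; i < FRAMES; i++)
        j->inc(j->s);
    return NULL;
}

/* Count FRAMES drops on each of NR_CPUS threads; return the final counter. */
static unsigned long count_drops(void (*inc)(struct stats_model *))
{
    struct stats_model s;
    struct job j = { &s, inc };
    pthread_t t[NR_CPUS];
    int n = 0;
    atomic_init(&s.rx_dropped, 0);
    while (n < NR_CPUS && pthread_create(&t[n], NULL, worker, &j) == 0)
        n++;
    for (int i = 0; i < n; i++)
        pthread_join(t[i], NULL);
    return atomic_load(&s.rx_dropped);
}

int main(void)
{
    printf("expected %lu, plain %lu, atomic %lu\n", NR_CPUS * FRAMES,
           count_drops(stats_inc_plain), count_drops(stats_inc_atomic));
}
```

Build with `cc -pthread`. The plain counter usually ends below the expected total because concurrent updates overwrite each other, while the atomic counter always matches it.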

Other sources

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use DEV_STATS_INC()

The Linux kernel CVE team has assigned CVE-2023-52578 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024030257-CVE-2023-52578-50cb@gregkh/T/#u

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by an error related to using DEV_STATS_INC(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

20 affected components (fixes available where shown)

redhat/kernel <4.19.296 (fix: 4.19.296)
redhat/kernel <5.4.258 (fix: 5.4.258)
redhat/kernel <5.10.198 (fix: 5.10.198)
redhat/kernel <5.15.134 (fix: 5.15.134)
redhat/kernel <6.1.56 (fix: 6.1.56)
redhat/kernel <6.5.6 (fix: 6.5.6)
redhat/kernel <6.6 (fix: 6.6)
Linux Linux kernel >=2.6.17 <4.19.296
Linux Linux kernel >=4.20 <5.4.258
Linux Linux kernel >=5.5 <5.10.198
Linux Linux kernel >=5.11 <5.15.134
Linux Linux kernel >=5.16 <6.1.56
Linux Linux kernel >=6.2 <6.5.6
Linux Linux kernel =6.6-rc1
Linux Linux kernel =6.6-rc2
IBM Security Verify Governance <=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack <=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance <=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container <=ISVG 10.0.2
debian/linux (fix: 5.10.223-1, 5.10.234-1, 6.1.129-1, 6.1.135-1, 6.12.25-1, 6.12.27-1)

Event History

Mar 2, 2024
CVE Published via MITRE, 09:59 PM
Data Sourced via MITRE, 09:59 PM: Description
Mar 4, 2024
Data Sourced via Red Hat, 06:06 PM: Description, Severity, Affected Software
Nov 20, 2024
Data Sourced via Launchpad, 12:23 AM: Description
Apr 30, 2025
Data Sourced via Ubuntu, 11:51 PM: Remedy, Description, Severity, Affected Software


Frequently Asked Questions

1. What is the severity of CVE-2023-52578?

CVE-2023-52578 has a high severity rating due to the potential for data races in the Linux kernel.

2. How do I fix CVE-2023-52578?

To remediate CVE-2023-52578, upgrade to the patched kernel versions provided by your distribution, such as kernel 4.19.296 or 5.4.258 for Red Hat.

3. Which Linux kernel versions are affected by CVE-2023-52578?

CVE-2023-52578 affects multiple Linux kernel versions up to 6.6, including significant versions like 4.19.x and 5.10.x.

4. Is CVE-2023-52578 a critical vulnerability?

While not labeled as critical, CVE-2023-52578 poses serious risks because br_handle_frame_finish() can run on multiple CPUs without mutual exclusion while it updates dev->stats fields.

5. What components are impacted by CVE-2023-52578?

CVE-2023-52578 specifically impacts the net bridge components in the Linux kernel during frame processing.
