CVE-2023-52578: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use DEV_STATS_INC()

syzbot/KCSAN reported data-races in br_handle_frame_finish() [1]

This function can run from multiple cpus without mutual exclusion.

Adopt SMP safe DEV_STATS_INC() to update dev->stats fields.

Handles updates to dev->stats.tx_dropped while we are at it.

[1]
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:
br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
br_nf_hook_thresh+0x1ed/0x220
br_nf_pre_routing_finish_ipv6+0x50f/0x540
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
__netif_receive_skb_one_core net/core/dev.c:5521 [inline]
__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
process_backlog+0x21f/0x380 net/core/dev.c:5965
__napi_poll+0x60/0x3b0 net/core/dev.c:6527
napi_poll net/core/dev.c:6594 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6727
__do_softirq+0xc1/0x265 kernel/softirq.c:553
run_ksoftirqd+0x17/0x20 kernel/softirq.c:921
smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:
br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
br_nf_hook_thresh+0x1ed/0x220
br_nf_pre_routing_finish_ipv6+0x50f/0x540
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
__netif_receive_skb_one_core net/core/dev.c:5521 [inline]
__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
process_backlog+0x21f/0x380 net/core/dev.c:5965
__napi_poll+0x60/0x3b0 net/core/dev.c:6527
napi_poll net/core/dev.c:6594 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6727
__do_softirq+0xc1/0x265 kernel/softirq.c:553
do_softirq+0x5e/0x90 kernel/softirq.c:454
__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356
batadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
worker_thread+0x525/0x730 kernel/workqueue.c:2784
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

value changed: 0x00000000000d7190 -> 0x00000000000d7191

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0
AI Analysis
Technical Summary
CVE-2023-52578 is a concurrency vulnerability identified in the Linux kernel's network bridging code, specifically within the function br_handle_frame_finish() in the net/bridge/br_input.c component. The issue arises due to data races when multiple CPUs concurrently execute this function without proper synchronization, leading to unsynchronized updates of device statistics fields such as dev->stats.tx_dropped. The vulnerability was detected by Kernel Concurrency Sanitizer (KCSAN), which reported simultaneous read-write accesses to the same memory location from different CPUs during interrupt context, indicating a lack of mutual exclusion. The root cause is the absence of SMP-safe (Symmetric Multi-Processing safe) mechanisms when incrementing device statistics counters. The fix involves adopting the SMP-safe macro DEV_STATS_INC() to ensure atomic and thread-safe updates to these statistics fields, preventing race conditions. This vulnerability affects Linux kernel versions prior to the patch and could be triggered in environments where network bridging is used, such as virtualized or containerized infrastructures, or systems employing complex network topologies. Although no known exploits are reported in the wild, the flaw could potentially lead to inconsistent network statistics, kernel instability, or in rare cases, denial of service due to corrupted state in the network stack. The vulnerability does not require user interaction or authentication but depends on the presence of network bridging functionality and concurrent packet processing on SMP systems.
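The race class described above can be reproduced in userspace. The following is an added example, not kernel code and not part of the original advisory or patch: threads stand in for CPUs, `tx_dropped` is a hypothetical stand-in for a `dev->stats` field, and the SMP-safe update done by DEV_STATS_INC() is modelled with a C11 atomic fetch-and-add.

```c
/* Added illustration (userspace, not kernel code): lost updates on a shared
 * statistics counter, and the atomic increment that prevents them. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define NCPUS   4        /* threads standing in for CPUs in the bridge RX path */
#define NFRAMES 200000L  /* constructed workload: increments per "CPU" */

static atomic_long tx_dropped;  /* hypothetical stand-in for a dev->stats field */

/* Pre-fix pattern: a plain "counter++" is load, add, store. Relaxed atomic
 * load/store keeps this program well defined but leaves the window open. */
static void *racy_inc(void *unused) {
    (void)unused;
    for (long i = 0; i < NFRAMES; i++) {
        long v = atomic_load_explicit(&tx_dropped, memory_order_relaxed);
        atomic_store_explicit(&tx_dropped, v + 1, memory_order_relaxed);
    }
    return NULL;
}

/* Post-fix pattern: one indivisible read-modify-write per dropped frame. */
static void *safe_inc(void *unused) {
    (void)unused;
    for (long i = 0; i < NFRAMES; i++)
        atomic_fetch_add_explicit(&tx_dropped, 1, memory_order_relaxed);
    return NULL;
}

/* Run one worker on every "CPU"; return the final counter, or -1 on error. */
static long run_counter(void *(*worker)(void *)) {
    pthread_t t[NCPUS];
    int started = 0, failed = 0;
    atomic_store(&tx_dropped, 0);
    for (int i = 0; i < NCPUS; i++) {
        if (pthread_create(&t[started], NULL, worker, NULL) == 0) started++;
        else failed = 1;
    }
    for (int i = 0; i < started; i++) pthread_join(t[i], NULL);
    return failed ? -1 : atomic_load(&tx_dropped);
}

int main(void) {
    long expected = NCPUS * NFRAMES;
    printf("expected %ld\n", expected);
    printf("racy     %ld (updates lost when below expected)\n", run_counter(racy_inc));
    printf("atomic   %ld\n", run_counter(safe_inc));
    return 0;
}
```

Build with `cc -O2 -pthread`. On a multi-core machine the racy total usually falls short of the expected value, while the atomic total always matches it.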
Potential Impact
For European organizations, the impact of CVE-2023-52578 could be significant in environments relying heavily on Linux-based network infrastructure, including data centers, cloud service providers, telecommunications, and enterprises using virtualization or container orchestration platforms like Kubernetes. Inconsistent or corrupted network statistics could impair network monitoring and troubleshooting, potentially delaying detection of other network issues or attacks. More critically, the race condition could cause kernel panics or crashes under high network load, leading to denial of service and service disruption. This is particularly impactful for critical infrastructure sectors such as finance, healthcare, and government services where uptime and network reliability are paramount. Although exploitation does not appear straightforward for privilege escalation or remote code execution, the stability risks alone warrant prompt attention. The vulnerability's exploitation requires the system to have network bridging enabled and to be running on SMP-capable hardware, conditions common in modern enterprise Linux deployments across Europe.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions that include the patch for CVE-2023-52578. Since the fix involves adopting SMP-safe macros for device statistics updates, kernel updates from trusted Linux distributions (e.g., Debian, Ubuntu, Red Hat, SUSE) should be applied promptly. For environments where immediate kernel upgrades are challenging, organizations can mitigate risk by disabling network bridging if it is not required or by limiting the number of CPUs handling network bridging tasks to reduce concurrency exposure. Additionally, monitoring kernel logs for anomalies related to br_handle_frame_finish or network bridge errors can provide early warning signs. Network administrators should also validate that network filtering and bridging configurations do not expose unnecessary attack surfaces. In virtualized or containerized environments, ensuring that host kernels are patched is critical as guest OS kernels may rely on host networking. Finally, organizations should integrate this vulnerability into their patch management and vulnerability scanning processes to ensure timely remediation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-03-02T21:55:42.569Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe7d04
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/1/2025, 10:26:45 AM
Last updated: 8/17/2025, 8:05:45 AM