NVD Vulnerability Detail

CVE-2023-53133

Summary	In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: watchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149] CPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:remove_wait_queue+0xb/0xc0 Code: 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 57 <41> 56 41 55 41 54 55 48 89 fd 53 48 89 f3 4c 8d 6b 18 4c 8d 73 20 RSP: 0018:ffff88811b5978b8 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff88811a7d3780 RCX: ffffffffb7a4d768 RDX: dffffc0000000000 RSI: ffff88811b597908 RDI: ffff888115408040 RBP: 1ffff110236b2f1b R08: 0000000000000000 R09: ffff88811a7d37e7 R10: ffffed10234fa6fc R11: 0000000000000001 R12: ffff88811179b800 R13: 0000000000000001 R14: ffff88811a7d38a8 R15: ffff88811a7d37e0 FS: 00007f6fb5398740(0000) GS:ffff888237180000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000010b6ba002 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> tcp_msg_wait_data+0x279/0x2f0 tcp_bpf_recvmsg_parser+0x3c6/0x490 inet_recvmsg+0x280/0x290 sock_recvmsg+0xfc/0x120 ____sys_recvmsg+0x160/0x3d0 ___sys_recvmsg+0xf0/0x180 __sys_recvmsg+0xea/0x1a0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc The logic in tcp_bpf_recvmsg_parser is as follows: msg_bytes_ready: copied = sk_msg_recvmsg(sk, psock, msg, len, flags); if (!copied) { wait data; goto msg_bytes_ready; } In this case, "copied" always is 0, the infinite loop occurs. According to the Linux system call man page, 0 should be returned in this case. Therefore, in tcp_bpf_recvmsg_parser(), if the length is 0, directly return. Also modify several other functions with the same problem.
Publication Date	May 3, 2025, 1:15 a.m.
Registration Date	May 3, 2025, 4 a.m.
Last Update	May 3, 2025, 1:15 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/4a476285f6d2921c3c9faa494eab83b78f78fc55
2	https://git.kernel.org/stable/c/bf0579989de64d36e177c0611c685dc4a91457a7
3	https://git.kernel.org/stable/c/d900f3d20cc3169ce42ec72acc850e662a4d4db2
4	https://git.kernel.org/stable/c/f45cf3ae3068e70e2c7f3e24a7f8e8aa99511f03

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における無限ループに関する脆弱性

Title	Linux の Linux Kernel における無限ループに関する脆弱性
Summary	Linux の Linux Kernel には、無限ループに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 3, 2023, midnight
Registration Date	Nov. 12, 2025, 2:19 p.m.
Last Update	Nov. 12, 2025, 2:19 p.m.

Affected System

Linux

Linux Kernel 4.20 以上 5.15.103 未満

Linux Kernel 5.16 以上 6.1.20 未満

Linux Kernel 6.2 以上 6.2.7 未満

Linux Kernel 6.3

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2023-53133	https://www.cve.org/CVERecord?id=CVE-2023-53133
National Vulnerability Database (NVD)
2	CVE-2023-53133	https://nvd.nist.gov/vuln/detail/CVE-2023-53133

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-835	https://cwe.mitre.org/data/definitions/835.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (4a47628)	https://git.kernel.org/stable/c/4a476285f6d2921c3c9faa494eab83b78f78fc55
2	bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (bf05799)	https://git.kernel.org/stable/c/bf0579989de64d36e177c0611c685dc4a91457a7
3	bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (d900f3d)	https://git.kernel.org/stable/c/d900f3d20cc3169ce42ec72acc850e662a4d4db2
4	bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (f45cf3a)	https://git.kernel.org/stable/c/f45cf3ae3068e70e2c7f3e24a7f8e8aa99511f03
Linux Kernel
5	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2025年11月12日] 掲載	Nov. 12, 2025, 10:44 a.m.