Data Race Vulnerability in Linux Kernel's DCCP Implementation
CVE-2023-53839

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 9 December 2025

What is CVE-2023-53839?

A vulnerability has been identified in the DCCP (Datagram Congestion Control Protocol) implementation within the Linux kernel, where improper synchronization can lead to data races during socket operations. Specifically, the function dccp_sendmsg() reads the MSS cache before the socket is locked, so the value it reads may be inconsistent if the cache is accessed simultaneously. This issue has been addressed by introducing READ_ONCE() and WRITE_ONCE() annotations and by checking the MSS cache again after the socket is locked. It is crucial for system administrators to apply the latest patches to mitigate potential exploitation.
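The pattern described above, as an added user-space model (not the kernel patch or any kernel code): the struct, function names and the `racing_mss` parameter are hypothetical, and the concurrent update is simulated deterministically rather than with a second thread.

```c
#include <errno.h>
#include <stddef.h>

/* User-space stand-ins for the kernel's READ_ONCE()/WRITE_ONCE(): a single
 * volatile access, so the compiler cannot tear, repeat or cache it. */
#define READ_ONCE_UINT(x)      (*(const volatile unsigned int *)&(x))
#define WRITE_ONCE_UINT(x, v)  (*(volatile unsigned int *)&(x) = (v))

/* Hypothetical model of a socket: only the fields the pattern needs. */
struct model_sock {
    unsigned int mss_cache;   /* may be updated by another context */
    int locked;               /* stands in for the socket lock */
    size_t queued_len;        /* length of the last packet queued */
};

/* Writer side: may run while the early reader below holds no lock,
 * hence the annotated store. */
static void model_sync_mss(struct model_sock *sk, unsigned int new_mss)
{
    WRITE_ONCE_UINT(sk->mss_cache, new_mss);
}

/* Sender. racing_mss != 0 simulates an MSS update landing between the
 * lockless check and the lock; recheck selects the fixed behaviour. */
static int model_sendmsg(struct model_sock *sk, size_t len,
                         unsigned int racing_mss, int recheck)
{
    /* Lockless early check: cheap rejection before doing any work. */
    if (len > READ_ONCE_UINT(sk->mss_cache))
        return -EMSGSIZE;

    if (racing_mss)                       /* simulated concurrent writer */
        model_sync_mss(sk, racing_mss);

    sk->locked = 1;                       /* socket lock taken */
    /* The value read above may be stale: repeat the check under the lock. */
    if (recheck && len > sk->mss_cache) {
        sk->locked = 0;
        return -EMSGSIZE;
    }
    sk->queued_len = len;                 /* packet accepted for sending */
    sk->locked = 0;                       /* socket lock released */
    return 0;
}
```

With `recheck` set to 0 the model accepts a packet larger than the updated MSS, which is the stale-read outcome the second check prevents.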

Affected Version(s)

Linux 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < 162fa1e3cfb62aa780d7c40c8cccb6c2f8bef7c1

Linux 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < 2bdc7f272b3a110a4e1fdee6c47c8d20f9b20817

Linux 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c < 67eebc7a9217f999b779d46fba5312a716f0dc1d
