CVE-2023-53375 (GCVE-0-2023-53375)
Vulnerability from cvelistv5
Published
2025-09-18 13:33
Modified
2025-09-18 13:33
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: # cd /sys/kernel/tracing # mkdir instances/foo # echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger # cat instances/foo/error_log [ 117.404795] hist:sched:sched_switch: error: Couldn't find field Command: hist:keys=x ^ # rmdir instances/foo Then check for memory leaks: # echo scan > /sys/kernel/debug/kmemleak # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff88810d8ec700 (size 192): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff `.ha....`.ha.... a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00 .0......&....... backtrace: [<00000000dae26536>] kmalloc_trace+0x2a/0xa0 [<00000000b2938940>] tracing_log_err+0x277/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc unreferenced object 0xffff888170c35a00 (size 32): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74 . Command: hist 3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00 :keys=x......... backtrace: [<000000006a747de5>] __kmalloc+0x4d/0x160 [<000000000039df5f>] tracing_log_err+0x29b/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc The problem is that the error log needs to be freed when the instance is removed.
Impacted products
Vendor Product Version
Linux Linux Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "987f599fc556a4e64c405d8dde32c70311e8c278",
              "status": "affected",
              "version": "2f754e771b1a6feba670782e82c45555984ac43b",
              "versionType": "git"
            },
            {
              "lessThan": "6e36373aa5ffa8e00fe7c71b3209f6f17081e552",
              "status": "affected",
              "version": "2f754e771b1a6feba670782e82c45555984ac43b",
              "versionType": "git"
            },
            {
              "lessThan": "33d5d4e67a0e13c3ca6257fa67bf6503bc000878",
              "status": "affected",
              "version": "2f754e771b1a6feba670782e82c45555984ac43b",
              "versionType": "git"
            },
            {
              "lessThan": "c0cf0f55be043ef67c38f492aa37ed1986d2f6b6",
              "status": "affected",
              "version": "2f754e771b1a6feba670782e82c45555984ac43b",
              "versionType": "git"
            },
            {
              "lessThan": "46771c34d6721abfd9e7903eaed2201051eebec6",
              "status": "affected",
              "version": "2f754e771b1a6feba670782e82c45555984ac43b",
              "versionType": "git"
            },
            {
              "lessThan": "3357c6e429643231e60447b52ffbb7ac895aca22",
              "status": "affected",
              "version": "2f754e771b1a6feba670782e82c45555984ac43b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.178",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.241",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.178",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.107",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.24",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.11",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Free error logs of tracing instances\n\nWhen a tracing instance is removed, the error messages that hold errors\nthat occurred in the instance needs to be freed. The following reports a\nmemory leak:\n\n # cd /sys/kernel/tracing\n # mkdir instances/foo\n # echo \u0027hist:keys=x\u0027 \u003e instances/foo/events/sched/sched_switch/trigger\n # cat instances/foo/error_log\n [  117.404795] hist:sched:sched_switch: error: Couldn\u0027t find field\n   Command: hist:keys=x\n                      ^\n # rmdir instances/foo\n\nThen check for memory leaks:\n\n # echo scan \u003e /sys/kernel/debug/kmemleak\n # cat /sys/kernel/debug/kmemleak\nunreferenced object 0xffff88810d8ec700 (size 192):\n  comm \"bash\", pid 869, jiffies 4294950577 (age 215.752s)\n  hex dump (first 32 bytes):\n    60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff  `.ha....`.ha....\n    a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00  .0......\u0026.......\n  backtrace:\n    [\u003c00000000dae26536\u003e] kmalloc_trace+0x2a/0xa0\n    [\u003c00000000b2938940\u003e] tracing_log_err+0x277/0x2e0\n    [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\n    [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\n    [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\n    [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\n    [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\n    [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\n    [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\n    [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\n    [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\nunreferenced object 0xffff888170c35a00 (size 32):\n  comm \"bash\", pid 869, jiffies 4294950577 (age 215.752s)\n  hex dump (first 32 bytes):\n    0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74  .  Command: hist\n    3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00  :keys=x.........\n  backtrace:\n    [\u003c000000006a747de5\u003e] __kmalloc+0x4d/0x160\n    [\u003c000000000039df5f\u003e] tracing_log_err+0x29b/0x2e0\n    [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\n    [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\n    [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\n    [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\n    [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\n    [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\n    [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\n    [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\n    [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe problem is that the error log needs to be freed when the instance is\nremoved."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T13:33:21.664Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552"
        },
        {
          "url": "https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22"
        }
      ],
      "title": "tracing: Free error logs of tracing instances",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53375",
    "datePublished": "2025-09-18T13:33:21.664Z",
    "dateReserved": "2025-09-17T14:54:09.735Z",
    "dateUpdated": "2025-09-18T13:33:21.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-53375\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-18T14:15:40.183\",\"lastModified\":\"2025-09-19T16:00:27.847\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntracing: Free error logs of tracing instances\\n\\nWhen a tracing instance is removed, the error messages that hold errors\\nthat occurred in the instance needs to be freed. The following reports a\\nmemory leak:\\n\\n # cd /sys/kernel/tracing\\n # mkdir instances/foo\\n # echo \u0027hist:keys=x\u0027 \u003e instances/foo/events/sched/sched_switch/trigger\\n # cat instances/foo/error_log\\n [  117.404795] hist:sched:sched_switch: error: Couldn\u0027t find field\\n   Command: hist:keys=x\\n                      ^\\n # rmdir instances/foo\\n\\nThen check for memory leaks:\\n\\n # echo scan \u003e /sys/kernel/debug/kmemleak\\n # cat /sys/kernel/debug/kmemleak\\nunreferenced object 0xffff88810d8ec700 (size 192):\\n  comm \\\"bash\\\", pid 869, jiffies 4294950577 (age 215.752s)\\n  hex dump (first 32 bytes):\\n    60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff  `.ha....`.ha....\\n    a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00  .0......\u0026.......\\n  backtrace:\\n    [\u003c00000000dae26536\u003e] kmalloc_trace+0x2a/0xa0\\n    [\u003c00000000b2938940\u003e] tracing_log_err+0x277/0x2e0\\n    [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\\n    [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\\n    [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\\n    [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\\n    [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\\n    [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\\n    [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\\n    [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\\n    [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\\nunreferenced object 0xffff888170c35a00 (size 32):\\n  comm \\\"bash\\\", pid 869, jiffies 4294950577 (age 215.752s)\\n  hex dump (first 32 bytes):\\n    0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74  .  Command: hist\\n    3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00  :keys=x.........\\n  backtrace:\\n    [\u003c000000006a747de5\u003e] __kmalloc+0x4d/0x160\\n    [\u003c000000000039df5f\u003e] tracing_log_err+0x29b/0x2e0\\n    [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\\n    [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\\n    [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\\n    [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\\n    [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\\n    [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\\n    [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\\n    [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\\n    [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\\n\\nThe problem is that the error log needs to be freed when the instance is\\nremoved.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…