fkie_cve-2023-53375
Vulnerability from fkie_nvd
Published
2025-09-18 14:15
Modified
2025-09-19 16:00
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: # cd /sys/kernel/tracing # mkdir instances/foo # echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger # cat instances/foo/error_log [ 117.404795] hist:sched:sched_switch: error: Couldn't find field Command: hist:keys=x ^ # rmdir instances/foo Then check for memory leaks: # echo scan > /sys/kernel/debug/kmemleak # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff88810d8ec700 (size 192): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff `.ha....`.ha.... a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00 .0......&....... backtrace: [<00000000dae26536>] kmalloc_trace+0x2a/0xa0 [<00000000b2938940>] tracing_log_err+0x277/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc unreferenced object 0xffff888170c35a00 (size 32): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74 . Command: hist 3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00 :keys=x......... backtrace: [<000000006a747de5>] __kmalloc+0x4d/0x160 [<000000000039df5f>] tracing_log_err+0x29b/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc The problem is that the error log needs to be freed when the instance is removed.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Free error logs of tracing instances\n\nWhen a tracing instance is removed, the error messages that hold errors\nthat occurred in the instance needs to be freed. The following reports a\nmemory leak:\n\n # cd /sys/kernel/tracing\n # mkdir instances/foo\n # echo \u0027hist:keys=x\u0027 \u003e instances/foo/events/sched/sched_switch/trigger\n # cat instances/foo/error_log\n [  117.404795] hist:sched:sched_switch: error: Couldn\u0027t find field\n   Command: hist:keys=x\n                      ^\n # rmdir instances/foo\n\nThen check for memory leaks:\n\n # echo scan \u003e /sys/kernel/debug/kmemleak\n # cat /sys/kernel/debug/kmemleak\nunreferenced object 0xffff88810d8ec700 (size 192):\n  comm \"bash\", pid 869, jiffies 4294950577 (age 215.752s)\n  hex dump (first 32 bytes):\n    60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff  `.ha....`.ha....\n    a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00  .0......\u0026.......\n  backtrace:\n    [\u003c00000000dae26536\u003e] kmalloc_trace+0x2a/0xa0\n    [\u003c00000000b2938940\u003e] tracing_log_err+0x277/0x2e0\n    [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\n    [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\n    [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\n    [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\n    [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\n    [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\n    [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\n    [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\n    [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\nunreferenced object 0xffff888170c35a00 (size 32):\n  comm \"bash\", pid 869, jiffies 4294950577 (age 215.752s)\n  hex dump (first 32 bytes):\n    0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74  .  Command: hist\n    3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00  :keys=x.........\n  backtrace:\n    [\u003c000000006a747de5\u003e] __kmalloc+0x4d/0x160\n    [\u003c000000000039df5f\u003e] tracing_log_err+0x29b/0x2e0\n    [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\n    [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\n    [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\n    [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\n    [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\n    [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\n    [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\n    [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\n    [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe problem is that the error log needs to be freed when the instance is\nremoved."
    }
  ],
  "id": "CVE-2023-53375",
  "lastModified": "2025-09-19T16:00:27.847",
  "metrics": {},
  "published": "2025-09-18T14:15:40.183",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.