CVE-2023-53075

Severity: HIGH · CVSS 3.1: 7.8 · EPSS 5.9%
Published May 2, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix invalid address access in lookup_rec() when index is 0

KASAN reported follow problem:

    BUG: KASAN: use-after-free in lookup_rec
    Read of size 8 at addr ffff000199270ff0 by task modprobe
    CPU: 2 Comm: modprobe
    Call trace:
     kasan_report
     __asan_load8
     lookup_rec
     ftrace_location
     arch_check_ftrace_location
     check_kprobe_address_safe
     register_kprobe

When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly added to ftrace_pages_start in ftrace_process_locs(). Before the first pg->index++, index is 0 and accessing pg->records[-1].ip will cause this problem.

Don't check the ip when pg->index is 0.
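
A user-space model of the range check the description refers to, with the pg->index == 0 guard in place; this is an added example, not the kernel's code. The struct layout, the INSN_SIZE value, the lookup_rec_model name and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define INSN_SIZE 4UL  /* stand-in for the kernel's MCOUNT_INSN_SIZE (assumed value) */

struct rec  { unsigned long ip; };
struct page {                 /* simplified model of one ftrace page */
    struct page *next;
    struct rec  *records;
    int          index;       /* number of valid entries in records[] */
};

/* Return the record whose [ip, ip + INSN_SIZE) overlaps [start, end], or NULL. */
static struct rec *lookup_rec_model(struct page *head,
                                    unsigned long start, unsigned long end)
{
    for (struct page *pg = head; pg; pg = pg->next) {
        /* Guard described in the fix: a page with index == 0 has no valid
         * records, so records[index - 1] would be records[-1]. Skip the
         * page before either bound is read. */
        if (pg->index == 0 ||
            end < pg->records[0].ip ||
            start >= pg->records[pg->index - 1].ip + INSN_SIZE)
            continue;
        /* Linear scan for brevity in this model. */
        for (int i = 0; i < pg->index; i++) {
            unsigned long ip = pg->records[i].ip;
            if (end >= ip && start < ip + INSN_SIZE)
                return &pg->records[i];
        }
    }
    return NULL;
}

/* Constructed sample: a freshly linked, still-empty page ahead of a full one. */
static struct rec  filled[] = { {0x1000}, {0x1040}, {0x1080} };
static struct page full  = { NULL,  filled, 3 };
static struct page fresh = { &full, NULL,   0 };  /* NULL: any read would fault */

int main(void)
{
    struct rec *r = lookup_rec_model(&fresh, 0x1040, 0x1040);
    printf("hit: %s\n", r ? "yes" : "no");
    return r ? 0 : 1;
}
```

The empty page's records pointer is NULL in this model, so the lookup only completes if the guard skips the page before any bound is dereferenced.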

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
5.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 9

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.5 – <4.14.311
linux   linux_kernel  *        ≥4.15 – <4.19.279
linux   linux_kernel  *        ≥4.20 – <5.4.238
linux   linux_kernel  *        ≥5.5 – <5.10.176
linux   linux_kernel  *        ≥5.11 – <5.15.104
linux   linux_kernel  *        ≥5.16 – <6.1.21
linux   linux_kernel  *        ≥6.2 – <6.2.8
linux   linux_kernel  6.3      any
linux   linux_kernel  6.3      any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4
    Patch
