CVE-2023-53167

MEDIUM EPSS 4.2%
Published Sep 15, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer dereference in tracing_err_log_open() Fix an issue in function 'tracing_err_log_open'. The function doesn't call 'seq_open' if the file is opened only with write permissions, which results in 'file->private_data' being left as null. If we then use 'lseek' on that opened file, 'seq_lseek' dereferences 'file->private_data' in 'mutex_lock(&m->lock)', resulting in a kernel panic. Writing to this node requires root privileges, therefore this bug has very little security impact. Tracefs node: /sys/kernel/tracing/error_log Example Kernel panic: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 Call trace: mutex_lock+0x30/0x110 seq_lseek+0x34/0xb8 __arm64_sys_lseek+0x6c/0xb8 invoke_syscall+0x58/0x13c el0_svc_common+0xc4/0x10c do_el0_svc+0x24/0x98 el0_svc+0x24/0x88 el0t_64_sync_handler+0x84/0xe4 el0t_64_sync+0x1b4/0x1b8 Code: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02) ---[ end trace 561d1b49c12cf8a5 ]--- Kernel panic - not syncing: Oops: Fatal exception

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.2  –  <5.4.251
linuxlinux_kernel*≥5.5  –  <5.10.188
linuxlinux_kernel*≥5.11  –  <5.15.121
linuxlinux_kernel*≥5.16  –  <6.1.40
linuxlinux_kernel*≥6.2  –  <6.4.5

References 6

  • git.kernel.org https://git.kernel.org/stable/c/02b0095e2fbbc060560c1065f86a211d91e27b26
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b5d9b7b875968a8a8c99dac45cb85b705c44802
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7060e5aac6dc195124c106f49106d653a416323a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/93114cbc7cb169f6f26eeaed5286b91bb86b463b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/938d5b7a75e18264887387ddf9169db6d8aeef98
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/02b0095e2fbbc060560c1065f86a211d91e27b26
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b5d9b7b875968a8a8c99dac45cb85b705c44802
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7060e5aac6dc195124c106f49106d653a416323a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/93114cbc7cb169f6f26eeaed5286b91bb86b463b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/938d5b7a75e18264887387ddf9169db6d8aeef98
    Patch