CVE-2023-53375

MEDIUM EPSS 4.2%
Published Sep 18, 20259mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 18, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: # cd /sys/kernel/tracing # mkdir instances/foo # echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger # cat instances/foo/error_log [ 117.404795] hist:sched:sched_switch: error: Couldn't find field Command: hist:keys=x ^ # rmdir instances/foo Then check for memory leaks: # echo scan > /sys/kernel/debug/kmemleak # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff88810d8ec700 (size 192): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff `.ha....`.ha.... a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00 .0......&....... backtrace: [<00000000dae26536>] kmalloc_trace+0x2a/0xa0 [<00000000b2938940>] tracing_log_err+0x277/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc unreferenced object 0xffff888170c35a00 (size 32): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74 . Command: hist 3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00 :keys=x......... backtrace: [<000000006a747de5>] __kmalloc+0x4d/0x160 [<000000000039df5f>] tracing_log_err+0x29b/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc The problem is that the error log needs to be freed when the instance is removed.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥5.2  –  <5.4.241
linuxlinux_kernel*≥5.5  –  <5.10.178
linuxlinux_kernel*≥5.11  –  <5.15.107
linuxlinux_kernel*≥5.16  –  <6.1.24
linuxlinux_kernel*≥6.2  –  <6.2.11
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6
    Patch