| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091553-CVE-2023-53167-3fb7@gregkh> Date: Mon, 15 Sep 2025 16:02:21 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53167: tracing: Fix null pointer dereference in tracing_err_log_open() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer dereference in tracing_err_log_open() Fix an issue in function 'tracing_err_log_open'. The function doesn't call 'seq_open' if the file is opened only with write permissions, which results in 'file->private_data' being left as null. If we then use 'lseek' on that opened file, 'seq_lseek' dereferences 'file->private_data' in 'mutex_lock(&m->lock)', resulting in a kernel panic. Writing to this node requires root privileges, therefore this bug has very little security impact. Tracefs node: /sys/kernel/tracing/error_log Example Kernel panic: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 Call trace: mutex_lock+0x30/0x110 seq_lseek+0x34/0xb8 __arm64_sys_lseek+0x6c/0xb8 invoke_syscall+0x58/0x13c el0_svc_common+0xc4/0x10c do_el0_svc+0x24/0x98 el0_svc+0x24/0x88 el0t_64_sync_handler+0x84/0xe4 el0t_64_sync+0x1b4/0x1b8 Code: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02) ---[ end trace 561d1b49c12cf8a5 ]--- Kernel panic - not syncing: Oops: Fatal exception The Linux kernel CVE team has assigned CVE-2023-53167 to this issue. Affected and fixed versions =========================== Issue introduced in 5.2 with commit 8a062902be725f647dc8da532b04d836546a369a and fixed in 5.4.251 with commit 93114cbc7cb169f6f26eeaed5286b91bb86b463b Issue introduced in 5.2 with commit 8a062902be725f647dc8da532b04d836546a369a and fixed in 5.10.188 with commit 7060e5aac6dc195124c106f49106d653a416323a Issue introduced in 5.2 with commit 8a062902be725f647dc8da532b04d836546a369a and fixed in 5.15.121 with commit 3b5d9b7b875968a8a8c99dac45cb85b705c44802 Issue introduced in 5.2 with commit 8a062902be725f647dc8da532b04d836546a369a and fixed in 6.1.40 with commit 938d5b7a75e18264887387ddf9169db6d8aeef98 Issue introduced in 5.2 with commit 8a062902be725f647dc8da532b04d836546a369a and fixed in 6.4.5 with commit 1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276 Issue introduced in 5.2 with commit 8a062902be725f647dc8da532b04d836546a369a and fixed in 6.5 with commit 02b0095e2fbbc060560c1065f86a211d91e27b26 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53167 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/trace/trace.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/93114cbc7cb169f6f26eeaed5286b91bb86b463b https://git.kernel.org/stable/c/7060e5aac6dc195124c106f49106d653a416323a https://git.kernel.org/stable/c/3b5d9b7b875968a8a8c99dac45cb85b705c44802 https://git.kernel.org/stable/c/938d5b7a75e18264887387ddf9169db6d8aeef98 https://git.kernel.org/stable/c/1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276 https://git.kernel.org/stable/c/02b0095e2fbbc060560c1065f86a211d91e27b26
Powered by blists - more mailing lists