| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091626-CVE-2023-53290-34e0@gregkh> Date: Tue, 16 Sep 2025 10:11:40 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53290: samples/bpf: Fix fout leak in hbm's run_bpf_prog From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's run_bpf_prog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope. The Linux kernel CVE team has assigned CVE-2023-53290 to this issue. Affected and fixed versions =========================== Fixed in 5.4.244 with commit a7ec2f424f6edad34651137783a0a59eca9aa37e Fixed in 5.10.181 with commit 7560ed6592ff4077528c239c71e91b19de985b97 Fixed in 5.15.113 with commit e3e6e252d74f20f6fc610c7fef3ae7dda0109a6f Fixed in 6.1.30 with commit f2065b8b0a215bc6aa061287a2e3d9eab2446422 Fixed in 6.3.4 with commit edf37bc8b03d3f948e679b2fd2d14464495f5d1b Fixed in 6.4 with commit 23acb14af1914010dd0aae1bbb7fab28bf518b8e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53290 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: samples/bpf/hbm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a7ec2f424f6edad34651137783a0a59eca9aa37e https://git.kernel.org/stable/c/7560ed6592ff4077528c239c71e91b19de985b97 https://git.kernel.org/stable/c/e3e6e252d74f20f6fc610c7fef3ae7dda0109a6f https://git.kernel.org/stable/c/f2065b8b0a215bc6aa061287a2e3d9eab2446422 https://git.kernel.org/stable/c/edf37bc8b03d3f948e679b2fd2d14464495f5d1b https://git.kernel.org/stable/c/23acb14af1914010dd0aae1bbb7fab28bf518b8e
Powered by blists - more mailing lists