| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120941-CVE-2023-53793-0dc1@gregkh>
Date: Tue, 9 Dec 2025 09:02:14 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53793: perf tool x86: Fix perf_env memory leak
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
perf tool x86: Fix perf_env memory leak
Found by leak sanitizer:
```
==1632594==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 21 byte(s) in 1 object(s) allocated from:
#0 0x7f2953a7077b in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:439
#1 0x556701d6fbbf in perf_env__read_cpuid util/env.c:369
#2 0x556701d70589 in perf_env__cpuid util/env.c:465
#3 0x55670204bba2 in x86__is_amd_cpu arch/x86/util/env.c:14
#4 0x5567020487a2 in arch__post_evsel_config arch/x86/util/evsel.c:83
#5 0x556701d8f78b in evsel__config util/evsel.c:1366
#6 0x556701ef5872 in evlist__config util/record.c:108
#7 0x556701cd6bcd in test__PERF_RECORD tests/perf-record.c:112
#8 0x556701cacd07 in run_test tests/builtin-test.c:236
#9 0x556701cacfac in test_and_print tests/builtin-test.c:265
#10 0x556701cadddb in __cmd_test tests/builtin-test.c:402
#11 0x556701caf2aa in cmd_test tests/builtin-test.c:559
#12 0x556701d3b557 in run_builtin tools/perf/perf.c:323
#13 0x556701d3bac8 in handle_internal_command tools/perf/perf.c:377
#14 0x556701d3be90 in run_argv tools/perf/perf.c:421
#15 0x556701d3c3f8 in main tools/perf/perf.c:537
#16 0x7f2952a46189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 21 byte(s) leaked in 1 allocation(s).
```
The Linux kernel CVE team has assigned CVE-2023-53793 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.1 with commit f7b58cbdb3ff36eba8622e67eee66c10dd1c9995 and fixed in 6.1.39 with commit 75d65c1cc439606ada882755fd205d13c2c7907d
Issue introduced in 6.1 with commit f7b58cbdb3ff36eba8622e67eee66c10dd1c9995 and fixed in 6.3.13 with commit 010139bfc6bb9ddab81dbc2cf71cd3a9c28adc7f
Issue introduced in 6.1 with commit f7b58cbdb3ff36eba8622e67eee66c10dd1c9995 and fixed in 6.4.4 with commit f3daf02a41e3c11e1a473517a8a6169248fb8e7b
Issue introduced in 6.1 with commit f7b58cbdb3ff36eba8622e67eee66c10dd1c9995 and fixed in 6.5 with commit 99d4850062a84564f36923764bb93935ef2ed108
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53793
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
tools/perf/arch/x86/util/env.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/75d65c1cc439606ada882755fd205d13c2c7907d
https://git.kernel.org/stable/c/010139bfc6bb9ddab81dbc2cf71cd3a9c28adc7f
https://git.kernel.org/stable/c/f3daf02a41e3c11e1a473517a8a6169248fb8e7b
https://git.kernel.org/stable/c/99d4850062a84564f36923764bb93935ef2ed108
Powered by blists - more mailing lists