| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123024-CVE-2023-54211-09e7@gregkh>
Date: Tue, 30 Dec 2025 13:13:41 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-54211: tracing: Fix warning in trace_buffered_event_disable()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix warning in trace_buffered_event_disable()
Warning happened in trace_buffered_event_disable() at
WARN_ON_ONCE(!trace_buffered_event_ref)
Call Trace:
? __warn+0xa5/0x1b0
? trace_buffered_event_disable+0x189/0x1b0
__ftrace_event_enable_disable+0x19e/0x3e0
free_probe_data+0x3b/0xa0
unregister_ftrace_function_probe_func+0x6b8/0x800
event_enable_func+0x2f0/0x3d0
ftrace_process_regex.isra.0+0x12d/0x1b0
ftrace_filter_write+0xe6/0x140
vfs_write+0x1c9/0x6f0
[...]
The cause of the warning is in __ftrace_event_enable_disable(),
trace_buffered_event_enable() was called once while
trace_buffered_event_disable() was called twice.
Reproduction script show as below, for analysis, see the comments:
```
#!/bin/bash
cd /sys/kernel/tracing/
# 1. Register a 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was set;
# 2) trace_buffered_event_enable() was called first time;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
# 2. Enable the event registered, then:
# 1) SOFT_DISABLED_BIT was cleared;
# 2) trace_buffered_event_disable() was called first time;
echo 1 > events/initcall/initcall_finish/enable
# 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
# set again!!!
cat /proc/cmdline
# 4. Unregister the 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was cleared again;
# 2) trace_buffered_event_disable() was called second time!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
```
To fix it, IIUC, we can change to call trace_buffered_event_enable() at
fist time soft-mode enabled, and call trace_buffered_event_disable() at
last time soft-mode disabled.
The Linux kernel CVE team has assigned CVE-2023-54211 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.7 with commit 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 and fixed in 4.14.322 with commit 1488d782c9e43087a3f341b8186cd25f3cf75583
Issue introduced in 4.7 with commit 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 and fixed in 4.19.291 with commit b4f4ab423107dc1ba8e9cc6488c645be6403d3f5
Issue introduced in 4.7 with commit 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 and fixed in 5.4.253 with commit cdcc35e6454133feb61561b4e0d0c80e52cbc2ba
Issue introduced in 4.7 with commit 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 and fixed in 5.10.190 with commit a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074
Issue introduced in 4.7 with commit 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 and fixed in 5.15.124 with commit 813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20
Issue introduced in 4.7 with commit 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 and fixed in 6.1.43 with commit a3a3c7bddab9b6c5690b20796ef5e332b8c48afb
Issue introduced in 4.7 with commit 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 and fixed in 6.4.8 with commit 528c9d73153754defb748f0b96ad33308668d817
Issue introduced in 4.7 with commit 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 and fixed in 6.5 with commit dea499781a1150d285c62b26659f62fb00824fce
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-54211
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
kernel/trace/trace_events.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/1488d782c9e43087a3f341b8186cd25f3cf75583
https://git.kernel.org/stable/c/b4f4ab423107dc1ba8e9cc6488c645be6403d3f5
https://git.kernel.org/stable/c/cdcc35e6454133feb61561b4e0d0c80e52cbc2ba
https://git.kernel.org/stable/c/a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074
https://git.kernel.org/stable/c/813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20
https://git.kernel.org/stable/c/a3a3c7bddab9b6c5690b20796ef5e332b8c48afb
https://git.kernel.org/stable/c/528c9d73153754defb748f0b96ad33308668d817
https://git.kernel.org/stable/c/dea499781a1150d285c62b26659f62fb00824fce
Powered by blists - more mailing lists