CVE-2023-53075 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly added to ftrace_pages_start in ftrace_process_locs(). Before the first pg->index++, index is 0 and accessing pg->records[-1].ip will cause this problem. Don't check the ip when pg->index is 0.

Reserved 2025-05-02 | Published 2025-05-02 | Updated 2025-05-04 | Assigner Linux

Product status

Default status

unaffected

9644302e3315e7e36495d230d5ac7125a316d33e before 2de28e5ce34b22b73b833a21e2c45ae3aade3964

affected

9644302e3315e7e36495d230d5ac7125a316d33e before 7569ee04b0e3b32df79f64db3a7138573edad9bc

affected

9644302e3315e7e36495d230d5ac7125a316d33e before ac58b88ccbbb8e9fb83e137cee04a856b1ea6635

affected

9644302e3315e7e36495d230d5ac7125a316d33e before 83c3b2f4e7c61367c7b24551f4c6eb94bbdda283

affected

9644302e3315e7e36495d230d5ac7125a316d33e before 2a0d71fabfeb349216d33f001a6421b1768bd3a9

affected

9644302e3315e7e36495d230d5ac7125a316d33e before 4f84f31f63416b0f02fc146ffdc4ab32723eb7e8

affected

9644302e3315e7e36495d230d5ac7125a316d33e before f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4

affected

9644302e3315e7e36495d230d5ac7125a316d33e before ee92fa443358f4fc0017c1d0d325c27b37802504

affected

Default status

affected

3.5

affected

Any version before 3.5

unaffected

4.14.311

unaffected

4.19.279

unaffected

5.4.238

unaffected

5.10.176

unaffected

5.15.104

unaffected

6.1.21

unaffected

6.2.8

unaffected

6.3

unaffected

References

git.kernel.org/...c/2de28e5ce34b22b73b833a21e2c45ae3aade3964

git.kernel.org/...c/7569ee04b0e3b32df79f64db3a7138573edad9bc

git.kernel.org/...c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635

git.kernel.org/...c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283

git.kernel.org/...c/2a0d71fabfeb349216d33f001a6421b1768bd3a9

git.kernel.org/...c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8

git.kernel.org/...c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4

git.kernel.org/...c/ee92fa443358f4fc0017c1d0d325c27b37802504

cve.org (CVE-2023-53075)

nvd.nist.gov (CVE-2023-53075)

Download JSON