Description

In the Linux kernel, the following vulnerability has been resolved:

tracing: Free error logs of tracing instances

When a tracing instance is removed, the error messages that hold errors that occurred in the instance need to be freed. The following reports a memory leak:

 # cd /sys/kernel/tracing
 # mkdir instances/foo
 # echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger
 # cat instances/foo/error_log
 [ 117.404795] hist:sched:sched_switch: error: Couldn't find field
   Command: hist:keys=x
                      ^
 # rmdir instances/foo

Then check for memory leaks:

 # echo scan > /sys/kernel/debug/kmemleak
 # cat /sys/kernel/debug/kmemleak
 unreferenced object 0xffff88810d8ec700 (size 192):
   comm "bash", pid 869, jiffies 4294950577 (age 215.752s)
   hex dump (first 32 bytes):
     60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff  `.ha....`.ha....
     a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00  .0......&.......
   backtrace:
     [<00000000dae26536>] kmalloc_trace+0x2a/0xa0
     [<00000000b2938940>] tracing_log_err+0x277/0x2e0
     [<000000004a0e1b07>] parse_atom+0x966/0xb40
     [<0000000023b24337>] parse_expr+0x5f3/0xdb0
     [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560
     [<00000000293a9645>] trigger_process_regex+0x135/0x1a0
     [<000000005c22b4f2>] event_trigger_write+0x87/0xf0
     [<000000002cadc509>] vfs_write+0x162/0x670
     [<0000000059c3b9be>] ksys_write+0xca/0x170
     [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0
     [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc
 unreferenced object 0xffff888170c35a00 (size 32):
   comm "bash", pid 869, jiffies 4294950577 (age 215.752s)
   hex dump (first 32 bytes):
     0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74  .  Command: hist
     3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00  :keys=x.........
   backtrace:
     [<000000006a747de5>] __kmalloc+0x4d/0x160
     [<000000000039df5f>] tracing_log_err+0x29b/0x2e0
     [<000000004a0e1b07>] parse_atom+0x966/0xb40
     [<0000000023b24337>] parse_expr+0x5f3/0xdb0
     [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560
     [<00000000293a9645>] trigger_process_regex+0x135/0x1a0
     [<000000005c22b4f2>] event_trigger_write+0x87/0xf0
     [<000000002cadc509>] vfs_write+0x162/0x670
     [<0000000059c3b9be>] ksys_write+0xca/0x170
     [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0
     [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc

The problem is that the error log needs to be freed when the instance is removed.
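An added example, not part of the CVE record or the kernel patch: a small triage script that reads a kmemleak report and picks out the signature shown above, unreferenced objects whose allocation backtrace passes through tracing_log_err. The first two sample records are trimmed from the output quoted in the description, the third is constructed, and the function names are this example's own.

```python
import re

# Records 1-2 are trimmed from the kmemleak output quoted in the description;
# record 3 is constructed here as an unrelated leak the filter must ignore.
SAMPLE = """\
unreferenced object 0xffff88810d8ec700 (size 192):
  comm "bash", pid 869, jiffies 4294950577 (age 215.752s)
  backtrace:
    [<00000000dae26536>] kmalloc_trace+0x2a/0xa0
    [<00000000b2938940>] tracing_log_err+0x277/0x2e0
unreferenced object 0xffff888170c35a00 (size 32):
  comm "bash", pid 869, jiffies 4294950577 (age 215.752s)
  backtrace:
    [<000000006a747de5>] __kmalloc+0x4d/0x160
    [<000000000039df5f>] tracing_log_err+0x29b/0x2e0
unreferenced object 0xffff888100000000 (size 64):
  comm "kworker/0:1", pid 12, jiffies 4294950000 (age 300.000s)
  backtrace:
    [<0000000000000001>] example_unrelated_alloc+0x10/0x40
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
# A frame is "symbol+0xoff/0xlen"; the [<addr>] prefix is treated as optional.
FRAME = re.compile(r"^\s+(?:\[<[0-9a-f]+>\]\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Split a kmemleak report into one dict per unreferenced object."""
    objects = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            objects.append({"addr": m.group(1), "size": int(m.group(2)), "frames": []})
            continue
        m = FRAME.match(line)
        if m and objects:  # ignore frames seen before any object header
            objects[-1]["frames"].append(m.group(1))
    return objects

def error_log_leaks(text, symbol="tracing_log_err"):
    """Return leaked objects whose backtrace contains `symbol`."""
    return [o for o in parse_kmemleak(text) if symbol in o["frames"]]

def summarize(text):
    """Return (number of matching objects, total leaked bytes)."""
    hits = error_log_leaks(text)
    return len(hits), sum(o["size"] for o in hits)

if __name__ == "__main__":
    count, total = summarize(SAMPLE)
    print(f"{count} leaked error-log allocations, {total} bytes")
```

On a host with kmemleak enabled, the same functions can be fed the contents of /sys/kernel/debug/kmemleak after a scan.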

PUBLISHED Reserved 2025-09-17 | Published 2025-09-18 | Updated 2025-09-18 | Assigner Linux

Product status

Default status
unaffected

2f754e771b1a6feba670782e82c45555984ac43b (git) before 987f599fc556a4e64c405d8dde32c70311e8c278
affected

2f754e771b1a6feba670782e82c45555984ac43b (git) before 6e36373aa5ffa8e00fe7c71b3209f6f17081e552
affected

2f754e771b1a6feba670782e82c45555984ac43b (git) before 33d5d4e67a0e13c3ca6257fa67bf6503bc000878
affected

2f754e771b1a6feba670782e82c45555984ac43b (git) before c0cf0f55be043ef67c38f492aa37ed1986d2f6b6
affected

2f754e771b1a6feba670782e82c45555984ac43b (git) before 46771c34d6721abfd9e7903eaed2201051eebec6
affected

2f754e771b1a6feba670782e82c45555984ac43b (git) before 3357c6e429643231e60447b52ffbb7ac895aca22
affected

Default status
affected

5.2
affected

Any version before 5.2
unaffected

5.4.241 (semver)
unaffected

5.10.178 (semver)
unaffected

5.15.107 (semver)
unaffected

6.1.24 (semver)
unaffected

6.2.11 (semver)
unaffected

6.3 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/987f599fc556a4e64c405d8dde32c70311e8c278

git.kernel.org/...c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552

git.kernel.org/...c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878

git.kernel.org/...c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6

git.kernel.org/...c/46771c34d6721abfd9e7903eaed2201051eebec6

git.kernel.org/...c/3357c6e429643231e60447b52ffbb7ac895aca22

cve.org (CVE-2023-53375)

nvd.nist.gov (CVE-2023-53375)
