CVE-2023-53167
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix null pointer dereference in tracing_err_log_open()
Fix an issue in function 'tracing_err_log_open'. The function doesn't call 'seq_open' if the file is opened only with write permissions, which results in 'file->private_data' being left as null. If we then use 'lseek' on that opened file, 'seq_lseek' dereferences 'file->private_data' in 'mutex_lock(&m->lock)', resulting in a kernel panic. Writing to this node requires root privileges, therefore this bug has very little security impact.
Tracefs node: /sys/kernel/tracing/error_log
Example Kernel panic:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 Call trace: mutex_lock+0x30/0x110 seq_lseek+0x34/0xb8 __arm64_sys_lseek+0x6c/0xb8 invoke_syscall+0x58/0x13c el0_svc_common+0xc4/0x10c do_el0_svc+0x24/0x98 el0_svc+0x24/0x88 el0t_64_sync_handler+0x84/0xe4 el0t_64_sync+0x1b4/0x1b8 Code: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02) —[ end trace 561d1b49c12cf8a5 ]— Kernel panic - not syncing: Oops: Fatal exception
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 8a062902be725f647dc8da532b04d836546a369a < 93114cbc7cb169f6f26eeaed5286b91bb86b463b | affected |
| Linux | Linux | 8a062902be725f647dc8da532b04d836546a369a < 7060e5aac6dc195124c106f49106d653a416323a | affected |
| Linux | Linux | 8a062902be725f647dc8da532b04d836546a369a < 3b5d9b7b875968a8a8c99dac45cb85b705c44802 | affected |
| Linux | Linux | 8a062902be725f647dc8da532b04d836546a369a < 938d5b7a75e18264887387ddf9169db6d8aeef98 | affected |
| Linux | Linux | 8a062902be725f647dc8da532b04d836546a369a < 1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276 | affected |
| Linux | Linux | 8a062902be725f647dc8da532b04d836546a369a < 02b0095e2fbbc060560c1065f86a211d91e27b26 | affected |
| Linux | Linux | 5.2 | affected |
| Linux | Linux | 0 < 5.2 | unaffected |
| Linux | Linux | 5.4.251 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.188 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.121 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.40 <= 6.1.* | unaffected |
| Linux | Linux | 6.4.5 <= 6.4.* | unaffected |
| Linux | Linux | 6.5 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/93114cbc7cb169f6f26eeaed5286b91bb86b463b
- https://git.kernel.org/stable/c/7060e5aac6dc195124c106f49106d653a416323a
- https://git.kernel.org/stable/c/3b5d9b7b875968a8a8c99dac45cb85b705c44802
- https://git.kernel.org/stable/c/938d5b7a75e18264887387ddf9169db6d8aeef98
- https://git.kernel.org/stable/c/1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276
- https://git.kernel.org/stable/c/02b0095e2fbbc060560c1065f86a211d91e27b26
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.