CVE-2023-53221
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix memleak due to fentry attach failure
If it fails to attach fentry, the allocated bpf trampoline image will be left in the system. That can be verified by checking /proc/kallsyms.
This meamleak can be verified by a simple bpf program as follows:
SEC("fentry/trap_init") int fentry_run() { return 0; }
It will fail to attach trap_init because this function is freed after kernel init, and then we can find the trampoline image is left in the system by checking /proc/kallsyms.
$ tail /proc/kallsyms ffffffffc0613000 t bpf_trampoline_6442453466_1 [bpf] ffffffffc06c3000 t bpf_trampoline_6442453466_1 [bpf]
$ bpftool btf dump file /sys/kernel/btf/vmlinux | grep "FUNC 'trap_init'" [2522] FUNC 'trap_init' type_id=119 linkage=static
$ echo $((6442453466 & 0x7fffffff)) 2522
Note that there are two left bpf trampoline images, that is because the libbpf will fallback to raw tracepoint if -EINVAL is returned.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | e21aa341785c679dd409c8cb71f864c00fe6c463 < 20109ddd5bea2c24d790debf5d02584ef24c3f5e | affected |
| Linux | Linux | e21aa341785c679dd409c8cb71f864c00fe6c463 < f72c67d1a82dada7d6d504c806e111e913721a30 | affected |
| Linux | Linux | e21aa341785c679dd409c8cb71f864c00fe6c463 < 6aa27775db63ba8c7c73891c7dfb71ddc230c48d | affected |
| Linux | Linux | e21aa341785c679dd409c8cb71f864c00fe6c463 < 108598c39eefbedc9882273ac0df96127a629220 | affected |
| Linux | Linux | e21d2b92354b3cd25dd774ebb0f0e52ff04a7861 | affected |
| Linux | Linux | 85d177f56e5256e14b74a65940f981f6e3e8bb32 | affected |
| Linux | Linux | 5.10.28 < 5.11 | affected |
| Linux | Linux | 5.11.11 < 5.12 | affected |
| Linux | Linux | 5.12 | affected |
| Linux | Linux | 0 < 5.12 | unaffected |
| Linux | Linux | 6.1.39 <= 6.1.* | unaffected |
| Linux | Linux | 6.3.13 <= 6.3.* | unaffected |
| Linux | Linux | 6.4.4 <= 6.4.* | unaffected |
| Linux | Linux | 6.5 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/20109ddd5bea2c24d790debf5d02584ef24c3f5e
- https://git.kernel.org/stable/c/f72c67d1a82dada7d6d504c806e111e913721a30
- https://git.kernel.org/stable/c/6aa27775db63ba8c7c73891c7dfb71ddc230c48d
- https://git.kernel.org/stable/c/108598c39eefbedc9882273ac0df96127a629220
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.