CVE-2023-53221

EPSS 0.02%
Veröffentlicht 15.09.2025 14:21:50
Zuletzt bearbeitet 15.09.2025 15:22:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix memleak due to fentry attach failure

If it fails to attach fentry, the allocated bpf trampoline image will be
left in the system. That can be verified by checking /proc/kallsyms.

This meamleak can be verified by a simple bpf program as follows:

  SEC("fentry/trap_init")
  int fentry_run()
  {
      return 0;
  }

It will fail to attach trap_init because this function is freed after
kernel init, and then we can find the trampoline image is left in the
system by checking /proc/kallsyms.

  $ tail /proc/kallsyms
  ffffffffc0613000 t bpf_trampoline_6442453466_1  [bpf]
  ffffffffc06c3000 t bpf_trampoline_6442453466_1  [bpf]

  $ bpftool btf dump file /sys/kernel/btf/vmlinux | grep "FUNC 'trap_init'"
  [2522] FUNC 'trap_init' type_id=119 linkage=static

  $ echo $((6442453466 & 0x7fffffff))
  2522

Note that there are two left bpf trampoline images, that is because the
libbpf will fallback to raw tracepoint if -EINVAL is returned.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 20109ddd5bea2c24d790debf5d02584ef24c3f5e

Version e21aa341785c679dd409c8cb71f864c00fe6c463

Status affected

Version < f72c67d1a82dada7d6d504c806e111e913721a30

Version e21aa341785c679dd409c8cb71f864c00fe6c463

Status affected

Version < 6aa27775db63ba8c7c73891c7dfb71ddc230c48d

Version e21aa341785c679dd409c8cb71f864c00fe6c463

Status affected

Version < 108598c39eefbedc9882273ac0df96127a629220

Version e21aa341785c679dd409c8cb71f864c00fe6c463

Status affected

Version e21d2b92354b3cd25dd774ebb0f0e52ff04a7861

Status affected

Version 85d177f56e5256e14b74a65940f981f6e3e8bb32

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.12

Status affected

Version < 5.12

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.39

Status unaffected

Version <= 6.3.*

Version 6.3.13

Status unaffected

Version <= 6.4.*

Version 6.4.4

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/20109ddd5bea2c24d790debf5d02584ef24c3f5e

https://git.kernel.org/stable/c/f72c67d1a82dada7d6d504c806e111e913721a30

https://git.kernel.org/stable/c/6aa27775db63ba8c7c73891c7dfb71ddc230c48d

https://git.kernel.org/stable/c/108598c39eefbedc9882273ac0df96127a629220

https://nvd.nist.gov/vuln/detail/CVE-2023-53221

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53221

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53221

EUVD