CVE-2023-53557

EPSS 0.02%
Veröffentlicht 04.10.2025 15:17:02
Zuletzt bearbeitet 06.10.2025 14:56:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

fprobe: Release rethook after the ftrace_ops is unregistered

While running bpf selftests it's possible to get following fault:

  general protection fault, probably for non-canonical address \
  0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI
  ...
  Call Trace:
   <TASK>
   fprobe_handler+0xc1/0x270
   ? __pfx_bpf_testmod_init+0x10/0x10
   ? __pfx_bpf_testmod_init+0x10/0x10
   ? bpf_fentry_test1+0x5/0x10
   ? bpf_fentry_test1+0x5/0x10
   ? bpf_testmod_init+0x22/0x80
   ? do_one_initcall+0x63/0x2e0
   ? rcu_is_watching+0xd/0x40
   ? kmalloc_trace+0xaf/0xc0
   ? do_init_module+0x60/0x250
   ? __do_sys_finit_module+0xac/0x120
   ? do_syscall_64+0x37/0x90
   ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
   </TASK>

In unregister_fprobe function we can't release fp->rethook while it's
possible there are some of its users still running on another cpu.

Moving rethook_free call after fp->ops is unregistered with
unregister_ftrace_function call.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ce3ec57faff559ccae1e0150c1f077eb2df648a4

Version 5b0ab78998e32564a011b14c4c7f9c81e2d42b9d

Status affected

Version < 03d63255a5783243c110aec5e6ae2f1475c3be76

Version 5b0ab78998e32564a011b14c4c7f9c81e2d42b9d

Status affected

Version < 5f81018753dfd4989e33ece1f0cb6b8aae498b82

Version 5b0ab78998e32564a011b14c4c7f9c81e2d42b9d

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.40

Status unaffected

Version <= 6.4.*

Version 6.4.5

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.028

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/ce3ec57faff559ccae1e0150c1f077eb2df648a4

https://git.kernel.org/stable/c/03d63255a5783243c110aec5e6ae2f1475c3be76

https://git.kernel.org/stable/c/5f81018753dfd4989e33ece1f0cb6b8aae498b82

https://nvd.nist.gov/vuln/detail/CVE-2023-53557

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53557

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53557

EUVD