-

CVE-2023-54211

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix warning in trace_buffered_event_disable()

Warning happened in trace_buffered_event_disable() at
  WARN_ON_ONCE(!trace_buffered_event_ref)

  Call Trace:
   ? __warn+0xa5/0x1b0
   ? trace_buffered_event_disable+0x189/0x1b0
   __ftrace_event_enable_disable+0x19e/0x3e0
   free_probe_data+0x3b/0xa0
   unregister_ftrace_function_probe_func+0x6b8/0x800
   event_enable_func+0x2f0/0x3d0
   ftrace_process_regex.isra.0+0x12d/0x1b0
   ftrace_filter_write+0xe6/0x140
   vfs_write+0x1c9/0x6f0
   [...]

The cause of the warning is in __ftrace_event_enable_disable(),
trace_buffered_event_enable() was called once while
trace_buffered_event_disable() was called twice.
Reproduction script show as below, for analysis, see the comments:
 ```
 #!/bin/bash

 cd /sys/kernel/tracing/

 # 1. Register a 'disable_event' command, then:
 #    1) SOFT_DISABLED_BIT was set;
 #    2) trace_buffered_event_enable() was called first time;
 echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
     set_ftrace_filter

 # 2. Enable the event registered, then:
 #    1) SOFT_DISABLED_BIT was cleared;
 #    2) trace_buffered_event_disable() was called first time;
 echo 1 > events/initcall/initcall_finish/enable

 # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
 #    set again!!!
 cat /proc/cmdline

 # 4. Unregister the 'disable_event' command, then:
 #    1) SOFT_DISABLED_BIT was cleared again;
 #    2) trace_buffered_event_disable() was called second time!!!
 echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
     set_ftrace_filter
 ```

To fix it, IIUC, we can change to call trace_buffered_event_enable() at
fist time soft-mode enabled, and call trace_buffered_event_disable() at
last time soft-mode disabled.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 1488d782c9e43087a3f341b8186cd25f3cf75583
Version 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9
Status affected
Version < b4f4ab423107dc1ba8e9cc6488c645be6403d3f5
Version 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9
Status affected
Version < cdcc35e6454133feb61561b4e0d0c80e52cbc2ba
Version 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9
Status affected
Version < a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074
Version 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9
Status affected
Version < 813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20
Version 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9
Status affected
Version < a3a3c7bddab9b6c5690b20796ef5e332b8c48afb
Version 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9
Status affected
Version < 528c9d73153754defb748f0b96ad33308668d817
Version 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9
Status affected
Version < dea499781a1150d285c62b26659f62fb00824fce
Version 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.7
Status affected
Version < 4.7
Version 0
Status unaffected
Version <= 4.14.*
Version 4.14.322
Status unaffected
Version <= 4.19.*
Version 4.19.291
Status unaffected
Version <= 5.4.*
Version 5.4.253
Status unaffected
Version <= 5.10.*
Version 5.10.190
Status unaffected
Version <= 5.15.*
Version 5.15.124
Status unaffected
Version <= 6.1.*
Version 6.1.43
Status unaffected
Version <= 6.4.*
Version 6.4.8
Status unaffected
Version <= *
Version 6.5
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.099
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.