CVE-2023-53007
27.03.2025, 17:15
In the Linux kernel, the following vulnerability has been resolved: tracing: Make sure trace_printk() can output as soon as it can be used Currently trace_printk() can be used as soon as early_trace_init() is called from start_kernel(). But if a crash happens, and "ftrace_dump_on_oops" is set on the kernel command line, all you get will be: [ 0.456075] <idle>-0 0dN.2. 347519us : Unknown type 6 [ 0.456075] <idle>-0 0dN.2. 353141us : Unknown type 6 [ 0.456075] <idle>-0 0dN.2. 358684us : Unknown type 6 This is because the trace_printk() event (type 6) hasn't been registered yet. That gets done via an early_initcall(), which may be early, but not early enough. Instead of registering the trace_printk() event (and other ftrace events, which are not trace events) via an early_initcall(), have them registered at the same time that trace_printk() can be used. This way, if there is a crash before early_initcall(), then the trace_printk()s will actually be useful.Enginsight
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 4.12 ≤ 𝑥 < 4.14.305 |
| linux | linux_kernel | 4.15 ≤ 𝑥 < 4.19.272 |
| linux | linux_kernel | 4.20 ≤ 𝑥 < 5.4.231 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.166 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.91 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.9 |
| linux | linux_kernel | 6.2:rc1 |
| linux | linux_kernel | 6.2:rc2 |
| linux | linux_kernel | 6.2:rc3 |
| linux | linux_kernel | 6.2:rc4 |
| linux | linux_kernel | 6.2:rc5 |
𝑥
= Vulnerable software versions
Debian Releases
References