CVE-2023-53007

In the Linux kernel, the following vulnerability has been resolved:

tracing: Make sure trace_printk() can output as soon as it can be used

Currently trace_printk() can be used as soon as early_trace_init() is
called from start_kernel(). But if a crash happens, and
"ftrace_dump_on_oops" is set on the kernel command line, all you get will
be:

  [    0.456075]   <idle>-0         0dN.2. 347519us : Unknown type 6
  [    0.456075]   <idle>-0         0dN.2. 353141us : Unknown type 6
  [    0.456075]   <idle>-0         0dN.2. 358684us : Unknown type 6

This is because the trace_printk() event (type 6) hasn't been registered
yet. That gets done via an early_initcall(), which may be early, but not
early enough.

Instead of registering the trace_printk() event (and other ftrace events,
which are not trace events) via an early_initcall(), have them registered at
the same time that trace_printk() can be used. This way, if there is a
crash before early_initcall(), then the trace_printk()s will actually be
useful.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.19-1
fixed
sid
6.12.20-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/198c83963f6335ca6d690cff067679560f2a3a22
https://git.kernel.org/stable/c/3bb06eb6e9acf7c4a3e1b5bc87aed398ff8e2253
https://git.kernel.org/stable/c/76b2390fdc80c0a8300e5da5b6b62d201b6fe9ce
https://git.kernel.org/stable/c/b0af180514edea6c83dc9a299d9f383009c99f25
https://git.kernel.org/stable/c/b94d7c7654356860dd7719120c7d15ba38b6162a
https://git.kernel.org/stable/c/de3930a4883ddad2244efd6d349013294c62c75c
https://git.kernel.org/stable/c/f97eb0ab066133483a65c93eb894748de2f6b598