CVE-2023-53167
EUVD-2023-5980915.09.2025, 14:15
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer dereference in tracing_err_log_open() Fix an issue in function 'tracing_err_log_open'. The function doesn't call 'seq_open' if the file is opened only with write permissions, which results in 'file->private_data' being left as null. If we then use 'lseek' on that opened file, 'seq_lseek' dereferences 'file->private_data' in 'mutex_lock(&m->lock)', resulting in a kernel panic. Writing to this node requires root privileges, therefore this bug has very little security impact. Tracefs node: /sys/kernel/tracing/error_log Example Kernel panic: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 Call trace: mutex_lock+0x30/0x110 seq_lseek+0x34/0xb8 __arm64_sys_lseek+0x6c/0xb8 invoke_syscall+0x58/0x13c el0_svc_common+0xc4/0x10c do_el0_svc+0x24/0x98 el0_svc+0x24/0x88 el0t_64_sync_handler+0x84/0xe4 el0t_64_sync+0x1b4/0x1b8 Code: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02) ---[ end trace 561d1b49c12cf8a5 ]--- Kernel panic - not syncing: Oops: Fatal exceptionEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.2 ≤ 𝑥 < 5.4.251 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.188 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.121 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.40 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.4.5 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| cluster-md-kmp-default |
| ||||||||||||||||
| dlm-kmp-default |
| ||||||||||||||||
| gfs2-kmp-default |
| ||||||||||||||||
| kernel-64kb |
| ||||||||||||||||
| kernel-azure |
| ||||||||||||||||
| kernel-default |
| ||||||||||||||||
| kernel-default-base |
| ||||||||||||||||
| kernel-obs-build |
| ||||||||||||||||
| kernel-source |
| ||||||||||||||||
| kernel-source-azure |
| ||||||||||||||||
| kernel-zfcpdump |
| ||||||||||||||||
| ocfs2-kmp-default |
| ||||||||||||||||
| reiserfs-kmp-default |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| bpftool |
| ||
| bpftool-debuginfo |
| ||
| kernel |
| ||
| kernel-debuginfo |
| ||
| kernel-debuginfo-common-aarch64 |
| ||
| kernel-debuginfo-common-x86_64 |
| ||
| kernel-devel |
| ||
| kernel-headers |
| ||
| kernel-libbpf |
| ||
| kernel-libbpf-devel |
| ||
| kernel-libbpf-static |
| ||
| kernel-livepatch-6.1.41-63.109 |
| ||
| kernel-tools |
| ||
| kernel-tools-debuginfo |
| ||
| kernel-tools-devel |
| ||
| perf |
| ||
| perf-debuginfo |
| ||
| python3-perf |
| ||
| python3-perf-debuginfo |
|
Common Weakness Enumeration
References