CVE-2023-53221
15.09.2025, 15:15
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix memleak due to fentry attach failure
If it fails to attach fentry, the allocated bpf trampoline image will be
left in the system. That can be verified by checking /proc/kallsyms.
This memleak can be verified by a simple bpf program as follows:
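```c
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>

SEC("fentry/trap_init")
int fentry_run()
{
	return 0;
}

char LICENSE[] SEC("license") = "GPL";
```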
It will fail to attach trap_init because this function is freed after
kernel init, and then we can find the trampoline image is left in the
system by checking /proc/kallsyms.
```
$ tail /proc/kallsyms
ffffffffc0613000 t bpf_trampoline_6442453466_1 [bpf]
ffffffffc06c3000 t bpf_trampoline_6442453466_1 [bpf]
$ bpftool btf dump file /sys/kernel/btf/vmlinux | grep "FUNC 'trap_init'"
[2522] FUNC 'trap_init' type_id=119 linkage=static
$ echo $((6442453466 & 0x7fffffff))
2522
```
Note that there are two leftover bpf trampoline images; that is because
libbpf will fall back to raw tracepoint if -EINVAL is returned.

| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.10.28 ≤ 𝑥 < 5.11 |
| linux | linux_kernel | 5.11.11 ≤ 𝑥 < 5.12 |
| linux | linux_kernel | 5.12.1 ≤ 𝑥 < 6.1.39 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.3.13 |
| linux | linux_kernel | 6.4 ≤ 𝑥 < 6.4.4 |
| linux | linux_kernel | 5.12 |
| linux | linux_kernel | 5.12:rc5 |
| linux | linux_kernel | 5.12:rc6 |
| linux | linux_kernel | 5.12:rc7 |
| linux | linux_kernel | 5.12:rc8 |
𝑥 = Vulnerable software versions
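The `/proc/kallsyms` check from the description can be scripted to audit a host in the affected version ranges. The following is an added example, not code from the kernel patch or from this page: it flags trampoline image symbols that are listed more than once (the pattern in the quoted output) and decodes the BTF id with the same `0x7fffffff` mask. The function names and the sample text are assumptions made for illustration, and a repeated symbol is a heuristic indicator, not proof of a leak.

```python
import re
from collections import Counter

# Constructed sample in /proc/kallsyms format, modelled on the output quoted above.
SAMPLE_KALLSYMS = (
    "ffffffffc0611000 t bpf_prog_0123456789abcdef_demo\t[bpf]\n"
    "ffffffffc0613000 t bpf_trampoline_6442453466_1\t[bpf]\n"
    "ffffffffc06c3000 t bpf_trampoline_6442453466_1\t[bpf]\n"
)

# Matches image symbols of the form bpf_trampoline_<key>_<index> in the [bpf] pseudo-module.
TRAMP_RE = re.compile(r"^[0-9a-fA-F]+\s+\S\s+bpf_trampoline_(\d+)_(\d+)\s+\[bpf\]\s*$")


def trampoline_images(kallsyms_text):
    """Return one (key, index) pair per trampoline image line."""
    found = []
    for line in kallsyms_text.splitlines():
        m = TRAMP_RE.match(line)
        if m:
            found.append((int(m.group(1)), int(m.group(2))))
    return found


def repeated_images(kallsyms_text):
    """Return [(btf_id, symbol, count)] for image symbols listed more than once.

    Lines are counted rather than distinct addresses, because unprivileged
    reads of /proc/kallsyms may show every address as zero.
    """
    counts = Counter(trampoline_images(kallsyms_text))
    return sorted(
        (key & 0x7FFFFFFF, f"bpf_trampoline_{key}_{idx}", n)
        for (key, idx), n in counts.items() if n > 1
    )


if __name__ == "__main__":
    try:
        with open("/proc/kallsyms") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_KALLSYMS  # fall back to the constructed sample
    for btf_id, symbol, n in repeated_images(text):
        # Resolve the id with: bpftool btf dump file /sys/kernel/btf/vmlinux
        print(f"{symbol}: {n} images, BTF id {btf_id}")
```
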