{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53075", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-02T15:51:43.549Z", "datePublished": "2025-05-02T15:55:26.023Z", "dateUpdated": "2025-05-04T07:49:14.766Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:49:14.766Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix invalid address access in lookup_rec() when index is 0\n\nKASAN reported follow problem:\n\n BUG: KASAN: use-after-free in lookup_rec\n Read of size 8 at addr ffff000199270ff0 by task modprobe\n CPU: 2 Comm: modprobe\n Call trace:\n kasan_report\n __asan_load8\n lookup_rec\n ftrace_location\n arch_check_ftrace_location\n check_kprobe_address_safe\n register_kprobe\n\nWhen checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a\npg which is newly added to ftrace_pages_start in ftrace_process_locs().\nBefore the first pg->index++, index is 0 and accessing pg->records[-1].ip\nwill cause this problem.\n\nDon't check the ip when pg->index is 0."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/ftrace.c"], "versions": [{"version": "9644302e3315e7e36495d230d5ac7125a316d33e", "lessThan": "2de28e5ce34b22b73b833a21e2c45ae3aade3964", "status": "affected", "versionType": "git"}, {"version": "9644302e3315e7e36495d230d5ac7125a316d33e", "lessThan": "7569ee04b0e3b32df79f64db3a7138573edad9bc", "status": "affected", "versionType": "git"}, {"version": "9644302e3315e7e36495d230d5ac7125a316d33e", "lessThan": "ac58b88ccbbb8e9fb83e137cee04a856b1ea6635", "status": "affected", "versionType": "git"}, {"version": "9644302e3315e7e36495d230d5ac7125a316d33e", "lessThan": "83c3b2f4e7c61367c7b24551f4c6eb94bbdda283", "status": "affected", "versionType": "git"}, {"version": "9644302e3315e7e36495d230d5ac7125a316d33e", "lessThan": "2a0d71fabfeb349216d33f001a6421b1768bd3a9", "status": "affected", "versionType": "git"}, {"version": "9644302e3315e7e36495d230d5ac7125a316d33e", "lessThan": "4f84f31f63416b0f02fc146ffdc4ab32723eb7e8", "status": "affected", "versionType": "git"}, {"version": "9644302e3315e7e36495d230d5ac7125a316d33e", "lessThan": "f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4", "status": "affected", "versionType": "git"}, {"version": "9644302e3315e7e36495d230d5ac7125a316d33e", "lessThan": "ee92fa443358f4fc0017c1d0d325c27b37802504", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/ftrace.c"], "versions": [{"version": "3.5", "status": "affected"}, {"version": "0", "lessThan": "3.5", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.311", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.279", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.238", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.176", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.104", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.21", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.8", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "4.14.311"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "4.19.279"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "5.4.238"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "5.10.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "5.15.104"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "6.1.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "6.2.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964"}, {"url": "https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc"}, {"url": "https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635"}, {"url": "https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283"}, {"url": "https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9"}, {"url": "https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8"}, {"url": "https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4"}, {"url": "https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504"}], "title": "ftrace: Fix invalid address access in lookup_rec() when index is 0", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F0A20C2-796F-407E-BACB-939437BB8D55", "versionEndExcluding": "4.14.311", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E21A6F0-EF6A-4BB1-BEC0-09275FA55481", "versionEndExcluding": "4.19.279", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FF05A65-6B32-4A9C-905D-6E0F17C6803B", "versionEndExcluding": "5.4.238", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DA7FEF3-FE10-4D78-94E4-BDCDA7371DD5", "versionEndExcluding": "5.10.176", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8A3D70-3EE1-4B1C-8A21-21CA7356DCA7", "versionEndExcluding": "5.15.104", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F1CA6A9-8F4D-408D-9116-868EC067DCD9", "versionEndExcluding": "6.1.21", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4011EC6B-7786-4709-B765-186FA31D6F7F", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix invalid address access in lookup_rec() when index is 0\n\nKASAN reported follow problem:\n\n BUG: KASAN: use-after-free in lookup_rec\n Read of size 8 at addr ffff000199270ff0 by task modprobe\n CPU: 2 Comm: modprobe\n Call trace:\n kasan_report\n __asan_load8\n lookup_rec\n ftrace_location\n arch_check_ftrace_location\n check_kprobe_address_safe\n register_kprobe\n\nWhen checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a\npg which is newly added to ftrace_pages_start in ftrace_process_locs().\nBefore the first pg->index++, index is 0 and accessing pg->records[-1].ip\nwill cause this problem.\n\nDon't check the ip when pg->index is 0."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ftrace: Se corrige el acceso a direcciones no v\u00e1lidas en lookup_rec() cuando el \u00edndice es 0 KASAN inform\u00f3 el siguiente problema: BUG: KASAN: use-after-free en lookup_rec Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff000199270ff0 por la tarea modprobe CPU: 2 Comm: modprobe Rastreo de llamadas: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe Al verificar pg->records[pg->index - 1].ip en lookup_rec(), puede obtener un pg que se agreg\u00f3 recientemente a ftrace_pages_start en ftrace_process_locs(). Antes del primer pg->index++, el \u00edndice es 0 y acceder a pg->records[-1].ip causar\u00e1 este problema. No verifique la IP cuando pg->index sea 0."}], "id": "CVE-2023-53075", "lastModified": "2025-11-12T20:49:42.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-05-02T16:15:26.510", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ftrace: Fix invalid address access in lookup_rec() when index is 0", "id": "2363790", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363790"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nftrace: Fix invalid address access in lookup_rec() when index is 0\nKASAN reported follow problem:\nBUG: KASAN: use-after-free in lookup_rec\nRead of size 8 at addr ffff000199270ff0 by task modprobe\nCPU: 2 Comm: modprobe\nCall trace:\nkasan_report\n__asan_load8\nlookup_rec\nftrace_location\narch_check_ftrace_location\ncheck_kprobe_address_safe\nregister_kprobe\nWhen checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a\npg which is newly added to ftrace_pages_start in ftrace_process_locs().\nBefore the first pg->index++, index is 0 and accessing pg->records[-1].ip\nwill cause this problem.\nDon't check the ip when pg->index is 0."], "name": "CVE-2023-53075", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53075\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53075\nhttps://lore.kernel.org/linux-cve-announce/2025050215-CVE-2023-53075-6770@gregkh/T"], "threat_severity": "Moderate"}