CVE-2023-53075

ftrace: Fix invalid address access in lookup_rec() when index is 0

Description

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly added to ftrace_pages_start in ftrace_process_locs(). Before the first pg->index++, index is 0 and accessing pg->records[-1].ip will cause this problem. Don't check the ip when pg->index is 0.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964
https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc
https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635
https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283
https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9
https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8
https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4
https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504

Frequently Asked Questions

What is the severity of CVE-2023-53075?
CVE-2023-53075 has not yet been assigned a CVSS score.
How to fix CVE-2023-53075?
To fix CVE-2023-53075, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-53075 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-53075 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-53075?
CVE-2023-53075 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.