Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-53649

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/10/2025
Last modified:
03/02/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> perf trace: Really free the evsel-&gt;priv area<br /> <br /> In 3cb4d5e00e037c70 ("perf trace: Free syscall tp fields in<br /> evsel-&gt;priv") it only was freeing if strcmp(evsel-&gt;tp_format-&gt;system,<br /> "syscalls") returned zero, while the corresponding initialization of<br /> evsel-&gt;priv was being performed if it was _not_ zero, i.e. if the tp<br /> system wasn&amp;#39;t &amp;#39;syscalls&amp;#39;.<br /> <br /> Just stop looking for that and free it if evsel-&gt;priv was set, which<br /> should be equivalent.<br /> <br /> Also use the pre-existing evsel_trace__delete() function.<br /> <br /> This resolves these leaks, detected with:<br /> <br /> $ make EXTRA_CFLAGS="-fsanitize=address" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin<br /> <br /> =================================================================<br /> ==481565==ERROR: LeakSanitizer: detected memory leaks<br /> <br /> Direct leak of 40 byte(s) in 1 object(s) allocated from:<br /> #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)<br /> #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)<br /> #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307<br /> #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333<br /> #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458<br /> #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480<br /> #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212<br /> #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891<br /> #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156<br /> #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323<br /> #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377<br /> #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421<br /> #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537<br /> #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)<br /> <br /> Direct leak of 40 byte(s) in 1 object(s) allocated from:<br /> #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)<br /> #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)<br /> #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307<br /> #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333<br /> #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458<br /> #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480<br /> #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205<br /> #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891<br /> #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156<br /> #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323<br /> #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377<br /> #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421<br /> #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537<br /> #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)<br /> <br /> SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).<br /> [root@quaco ~]#<br /> <br /> With this we plug all leaks with "perf trace sleep 1".

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.14.1 (including) 5.15.132 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.54 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.5.4 (excluding)
cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.14:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.14:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.14:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.14:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.14:rc7:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools