CVE-2023-53221

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Fix memleak due to fentry attach failure<br /> <br /> If it fails to attach fentry, the allocated bpf trampoline image will be<br /> left in the system. That can be verified by checking /proc/kallsyms.<br /> <br /> This meamleak can be verified by a simple bpf program as follows:<br /> <br /> SEC("fentry/trap_init")<br /> int fentry_run()<br /> {<br /> return 0;<br /> }<br /> <br /> It will fail to attach trap_init because this function is freed after<br /> kernel init, and then we can find the trampoline image is left in the<br /> system by checking /proc/kallsyms.<br /> <br /> $ tail /proc/kallsyms<br /> ffffffffc0613000 t bpf_trampoline_6442453466_1 [bpf]<br /> ffffffffc06c3000 t bpf_trampoline_6442453466_1 [bpf]<br /> <br /> $ bpftool btf dump file /sys/kernel/btf/vmlinux | grep "FUNC &amp;#39;trap_init&amp;#39;"<br /> [2522] FUNC &amp;#39;trap_init&amp;#39; type_id=119 linkage=static<br /> <br /> $ echo $((6442453466 &amp; 0x7fffffff))<br /> 2522<br /> <br /> Note that there are two left bpf trampoline images, that is because the<br /> libbpf will fallback to raw tracepoint if -EINVAL is returned.