CVE-2023-53167
- Source
- https://cve.org/CVERecord?id=CVE-2023-53167
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53167.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53167
- Downstream
- Related
- Published
- 2025-09-15T14:03:56.025Z
- Modified
- 2026-04-02T09:43:43.994634Z
- Summary
- tracing: Fix null pointer dereference in tracing_err_log_open()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix null pointer dereference in tracingerrlog_open()
Fix an issue in function 'tracingerrlogopen'. The function doesn't call 'seqopen' if the file is opened only with write permissions, which results in 'file->privatedata' being left as null. If we then use 'lseek' on that opened file, 'seqlseek' dereferences 'file->privatedata' in 'mutexlock(&m->lock)', resulting in a kernel panic. Writing to this node requires root privileges, therefore this bug has very little security impact.
Tracefs node: /sys/kernel/tracing/error_log
Example Kernel panic:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 Call trace: mutexlock+0x30/0x110 seqlseek+0x34/0xb8 _arm64syslseek+0x6c/0xb8 invokesyscall+0x58/0x13c el0svccommon+0xc4/0x10c doel0svc+0x24/0x98 el0svc+0x24/0x88 el0t64synchandler+0x84/0xe4 el0t64sync+0x1b4/0x1b8 Code: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02) ---[ end trace 561d1b49c12cf8a5 ]--- Kernel panic - not syncing: Oops: Fatal exception
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53167.json" }- References
-
- https://git.kernel.org/stable/c/02b0095e2fbbc060560c1065f86a211d91e27b26
- https://git.kernel.org/stable/c/1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276
- https://git.kernel.org/stable/c/3b5d9b7b875968a8a8c99dac45cb85b705c44802
- https://git.kernel.org/stable/c/7060e5aac6dc195124c106f49106d653a416323a
- https://git.kernel.org/stable/c/93114cbc7cb169f6f26eeaed5286b91bb86b463b
- https://git.kernel.org/stable/c/938d5b7a75e18264887387ddf9169db6d8aeef98
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53167.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53167
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8a062902be725f647dc8da532b04d836546a369aFixed93114cbc7cb169f6f26eeaed5286b91bb86b463bFixed7060e5aac6dc195124c106f49106d653a416323aFixed3b5d9b7b875968a8a8c99dac45cb85b705c44802Fixed938d5b7a75e18264887387ddf9169db6d8aeef98Fixed1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276Fixed02b0095e2fbbc060560c1065f86a211d91e27b26