CVE-2023-53221
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53221
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53221.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53221
- Downstream
- Published
- 2025-09-15T15:15:48Z
- Modified
- 2025-09-15T20:01:24Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix memleak due to fentry attach failure
If it fails to attach fentry, the allocated bpf trampoline image will be left in the system. That can be verified by checking /proc/kallsyms.
This meamleak can be verified by a simple bpf program as follows:
SEC("fentry/trapinit") int fentryrun() { return 0; }
It will fail to attach trap_init because this function is freed after kernel init, and then we can find the trampoline image is left in the system by checking /proc/kallsyms.
$ tail /proc/kallsyms ffffffffc0613000 t bpftrampoline64424534661 [bpf] ffffffffc06c3000 t bpftrampoline64424534661 [bpf]
$ bpftool btf dump file /sys/kernel/btf/vmlinux | grep "FUNC 'trapinit'" [2522] FUNC 'trapinit' type_id=119 linkage=static
$ echo $((6442453466 & 0x7fffffff)) 2522
Note that there are two left bpf trampoline images, that is because the libbpf will fallback to raw tracepoint if -EINVAL is returned.
- References