In the Linux kernel, the following vulnerability has been resolved:
perf trace: Really free the evsel->priv area
In 3cb4d5e00e037c70 ("perf trace: Free syscall tp fields in evsel->priv") it only was freeing if strcmp(evsel->tp_format->system, "syscalls") returned zero, while the corresponding initialization of evsel->priv was being performed if it was _not_ zero, i.e. if the tp system wasn't 'syscalls'.
Just stop looking for that and free it if evsel->priv was set, which should be equivalent.
Also use the pre-existing evsel_trace__delete() function.
This resolves these leaks, detected with:
$ make EXTRA_CFLAGS="-fsanitize=address" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin
=================================================================
==481565==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)
    #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307
    #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333
    #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458
    #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480
    #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212
    #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891
    #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156
    #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323
    #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377
    #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421
    #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537
    #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)
    #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)
    #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307
    #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333
    #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458
    #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480
    #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205
    #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891
    #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156
    #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323
    #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377
    #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421
    #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537
    #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)

SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
[root@quaco ~]#
With this we plug all leaks with "perf trace sleep 1".
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53649.json"
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"179035295561019467246608614639618386943",
"190918846477302372591093541636916345900",
"152597710584305128833665825840979957553",
"237582100700221869440077994396775937313",
"17231406075446099974429553446929570050",
"209524475599869984000353585503854252575",
"271387770586241489695205488719884164543",
"66886428612824561202451235128934796339"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7962ef13651a9163f07b530607392ea123482e8a",
"deprecated": false,
"id": "CVE-2023-53649-0d98cfaa",
"signature_type": "Line",
"target": {
"file": "tools/perf/builtin-trace.c"
},
"signature_version": "v1"
},
{
"digest": {
"length": 277.0,
"function_hash": "148366354243989240266072692833937412586"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@62dd514c34be63d3d5cae1f52a7e8b96c6dd6630",
"deprecated": false,
"id": "CVE-2023-53649-4d934b94",
"signature_type": "Function",
"target": {
"function": "evlist__free_syscall_tp_fields",
"file": "tools/perf/builtin-trace.c"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"179035295561019467246608614639618386943",
"190918846477302372591093541636916345900",
"152597710584305128833665825840979957553",
"237582100700221869440077994396775937313",
"17231406075446099974429553446929570050",
"209524475599869984000353585503854252575",
"271387770586241489695205488719884164543",
"66886428612824561202451235128934796339"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@62dd514c34be63d3d5cae1f52a7e8b96c6dd6630",
"deprecated": false,
"id": "CVE-2023-53649-5785182d",
"signature_type": "Line",
"target": {
"file": "tools/perf/builtin-trace.c"
},
"signature_version": "v1"
},
{
"digest": {
"length": 277.0,
"function_hash": "148366354243989240266072692833937412586"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@27f396f64537b1ae48d0644d7cbf0d250b3c0b33",
"deprecated": false,
"id": "CVE-2023-53649-7541d5a7",
"signature_type": "Function",
"target": {
"function": "evlist__free_syscall_tp_fields",
"file": "tools/perf/builtin-trace.c"
},
"signature_version": "v1"
},
{
"digest": {
"length": 277.0,
"function_hash": "148366354243989240266072692833937412586"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7962ef13651a9163f07b530607392ea123482e8a",
"deprecated": false,
"id": "CVE-2023-53649-7b6da217",
"signature_type": "Function",
"target": {
"function": "evlist__free_syscall_tp_fields",
"file": "tools/perf/builtin-trace.c"
},
"signature_version": "v1"
},
{
"digest": {
"length": 277.0,
"function_hash": "148366354243989240266072692833937412586"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c3bc668581e71e7c3bc7eb1d647f25f8db222163",
"deprecated": false,
"id": "CVE-2023-53649-7cf0a586",
"signature_type": "Function",
"target": {
"function": "evlist__free_syscall_tp_fields",
"file": "tools/perf/builtin-trace.c"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"179035295561019467246608614639618386943",
"190918846477302372591093541636916345900",
"152597710584305128833665825840979957553",
"237582100700221869440077994396775937313",
"17231406075446099974429553446929570050",
"209524475599869984000353585503854252575",
"271387770586241489695205488719884164543",
"66886428612824561202451235128934796339"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@27f396f64537b1ae48d0644d7cbf0d250b3c0b33",
"deprecated": false,
"id": "CVE-2023-53649-9e02459b",
"signature_type": "Line",
"target": {
"file": "tools/perf/builtin-trace.c"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"179035295561019467246608614639618386943",
"190918846477302372591093541636916345900",
"152597710584305128833665825840979957553",
"237582100700221869440077994396775937313",
"17231406075446099974429553446929570050",
"209524475599869984000353585503854252575",
"271387770586241489695205488719884164543",
"66886428612824561202451235128934796339"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c3bc668581e71e7c3bc7eb1d647f25f8db222163",
"deprecated": false,
"id": "CVE-2023-53649-e6a140a3",
"signature_type": "Line",
"target": {
"file": "tools/perf/builtin-trace.c"
},
"signature_version": "v1"
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53649.json"