CVE-2023-53075

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue was discovered in the Linux kernel, specifically in the ftrace subsystem. The problem occurs when the lookup rec() function accesses an invalid address, which is reported by KASAN. This happens when checking pg->records[pg->index - 1].ip in lookup rec(), where pg is a newly added page to ftrace pages start in ftrace process locs(). Before the first pg->index++, the index is 0, and accessing pg->records[-1].ip causes the issue. The fix involves not checking the ip when pg->index is 0.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.