PT-2025-18857 · Linux+3 · Linux Kernel+3

Published 2025-05-02 · Updated 2026-04-20 · CVE-2023-53093

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the fixed version

Description
A bug in the Linux kernel's histogram code allowed histogram values to have certain modifiers. Attempting to set a histogram value to a string, stacktrace, graph, symbol, or syscall, or to group it in buckets or log, resulted in a kernel NULL pointer dereference. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
  • API Endpoints: /sys/kernel/tracing/kprobe_events and /sys/kernel/tracing/events/kprobes/copy_to_user/trigger
  • Vulnerable Parameters or Variables: n, hitcount.buckets, sort
  • Function Names: hist_field_name.part.0, hist_field_print, event_hist_trigger_print, hist_show
Recommendations
For Linux kernel versions prior to the fixed version: update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the /sys/kernel/tracing/ directory to minimize the risk of exploitation. Avoid using the n and hitcount.buckets parameters in the affected API endpoints until the issue is resolved.
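
One way to check the access-restriction workaround above, as an added example that is not part of the original advisory: a POSIX shell audit that flags the tracing directory and its kprobe files when group or other hold any permission bits. It assumes GNU stat; the function names and the choice of paths to inspect (kprobe_events and events/kprobes, in the kernel's spelling) are illustrative.

```sh
#!/bin/sh
# Added example (not from the advisory): report tracefs paths that grant any
# permission bits to group or other. Assumes GNU stat; names are illustrative.

# Print the group/other permission bits of a path in octal (0 = owner only).
exposed_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    printf '%o\n' "$(( 0$mode & 077 ))"
}

# Audit the tracing root and the kprobe files beneath it.
# Returns 0 when nothing is exposed (or the directory is absent), 1 otherwise.
audit_tracefs() {
    root=${1:-/sys/kernel/tracing}
    findings=0
    if [ ! -d "$root" ]; then
        echo "SKIP $root: not present"
        return 0
    fi
    for path in "$root" "$root/kprobe_events" "$root/events/kprobes"; do
        [ -e "$path" ] || continue
        bits=$(exposed_bits "$path") || continue
        if [ "$bits" != 0 ]; then
            echo "EXPOSED $path: group/other bits 0$bits"
            findings=$((findings + 1))
        else
            echo "OK $path"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run only when a path is given, e.g.: sh audit.sh /sys/kernel/tracing
if [ "$#" -gt 0 ]; then
    audit_tracefs "$1"
fi
```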

Exploit

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

AZL-70135
BDU:2026-05865
CVE-2023-53093
OESA-2025-1514
OESA-2025-1515
SUSE-SU-2025:01918-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1

Affected Products

Debian
Linux Kernel
Red Os
Suse