CVE-2023-53478

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel tracing subsystem contains a flaw related to concurrent access to the last cmd variable within the synthetic events functionality. Multiple processes manipulating the synthetic events node simultaneously can lead to use-after-free or double-free conditions. The issue arises from asynchronous access to last cmd without proper synchronization. The vulnerability can be reproduced by writing to the /sys/kernel/tracing/synthetic events file using specific commands in separate shells. Specifically, sending 'x88' and 'xb0' to this file can trigger the flaw. The KASAN reports indicate a double-free and a use-after-free scenario involving the kstrdup and kfree functions, ultimately leading to errors in tracing log err. The lastcmd mutex was added to prevent asynchronous access to last cmd.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.