FKIE_CVE-2023-54211

Vulnerability from fkie_nvd - Published: 2025-12-30 13:16 - Updated: 2025-12-30 13:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix warning in trace_buffered_event_disable() Warning happened in trace_buffered_event_disable() at WARN_ON_ONCE(!trace_buffered_event_ref) Call Trace: ? __warn+0xa5/0x1b0 ? trace_buffered_event_disable+0x189/0x1b0 __ftrace_event_enable_disable+0x19e/0x3e0 free_probe_data+0x3b/0xa0 unregister_ftrace_function_probe_func+0x6b8/0x800 event_enable_func+0x2f0/0x3d0 ftrace_process_regex.isra.0+0x12d/0x1b0 ftrace_filter_write+0xe6/0x140 vfs_write+0x1c9/0x6f0 [...] The cause of the warning is in __ftrace_event_enable_disable(), trace_buffered_event_enable() was called once while trace_buffered_event_disable() was called twice. Reproduction script show as below, for analysis, see the comments: ``` #!/bin/bash cd /sys/kernel/tracing/ # 1. Register a 'disable_event' command, then: # 1) SOFT_DISABLED_BIT was set; # 2) trace_buffered_event_enable() was called first time; echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \ set_ftrace_filter # 2. Enable the event registered, then: # 1) SOFT_DISABLED_BIT was cleared; # 2) trace_buffered_event_disable() was called first time; echo 1 > events/initcall/initcall_finish/enable # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was # set again!!! cat /proc/cmdline # 4. Unregister the 'disable_event' command, then: # 1) SOFT_DISABLED_BIT was cleared again; # 2) trace_buffered_event_disable() was called second time!!! echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \ set_ftrace_filter ``` To fix it, IIUC, we can change to call trace_buffered_event_enable() at fist time soft-mode enabled, and call trace_buffered_event_disable() at last time soft-mode disabled.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1488d782c9e43087a3f341b8186cd25f3cf75583
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/528c9d73153754defb748f0b96ad33308668d817
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a3a3c7bddab9b6c5690b20796ef5e332b8c48afb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b4f4ab423107dc1ba8e9cc6488c645be6403d3f5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cdcc35e6454133feb61561b4e0d0c80e52cbc2ba
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dea499781a1150d285c62b26659f62fb00824fce
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix warning in trace_buffered_event_disable()\n\nWarning happened in trace_buffered_event_disable() at\n  WARN_ON_ONCE(!trace_buffered_event_ref)\n\n  Call Trace:\n   ? __warn+0xa5/0x1b0\n   ? trace_buffered_event_disable+0x189/0x1b0\n   __ftrace_event_enable_disable+0x19e/0x3e0\n   free_probe_data+0x3b/0xa0\n   unregister_ftrace_function_probe_func+0x6b8/0x800\n   event_enable_func+0x2f0/0x3d0\n   ftrace_process_regex.isra.0+0x12d/0x1b0\n   ftrace_filter_write+0xe6/0x140\n   vfs_write+0x1c9/0x6f0\n   [...]\n\nThe cause of the warning is in __ftrace_event_enable_disable(),\ntrace_buffered_event_enable() was called once while\ntrace_buffered_event_disable() was called twice.\nReproduction script show as below, for analysis, see the comments:\n ```\n #!/bin/bash\n\n cd /sys/kernel/tracing/\n\n # 1. Register a \u0027disable_event\u0027 command, then:\n #    1) SOFT_DISABLED_BIT was set;\n #    2) trace_buffered_event_enable() was called first time;\n echo \u0027cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n     set_ftrace_filter\n\n # 2. Enable the event registered, then:\n #    1) SOFT_DISABLED_BIT was cleared;\n #    2) trace_buffered_event_disable() was called first time;\n echo 1 \u003e events/initcall/initcall_finish/enable\n\n # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was\n #    set again!!!\n cat /proc/cmdline\n\n # 4. Unregister the \u0027disable_event\u0027 command, then:\n #    1) SOFT_DISABLED_BIT was cleared again;\n #    2) trace_buffered_event_disable() was called second time!!!\n echo \u0027!cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n     set_ftrace_filter\n ```\n\nTo fix it, IIUC, we can change to call trace_buffered_event_enable() at\nfist time soft-mode enabled, and call trace_buffered_event_disable() at\nlast time soft-mode disabled."
    }
  ],
  "id": "CVE-2023-54211",
  "lastModified": "2025-12-30T13:16:09.303",
  "metrics": {},
  "published": "2025-12-30T13:16:09.303",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1488d782c9e43087a3f341b8186cd25f3cf75583"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/528c9d73153754defb748f0b96ad33308668d817"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a3a3c7bddab9b6c5690b20796ef5e332b8c48afb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b4f4ab423107dc1ba8e9cc6488c645be6403d3f5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/cdcc35e6454133feb61561b4e0d0c80e52cbc2ba"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dea499781a1150d285c62b26659f62fb00824fce"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Received"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.