GHSA-47VM-9F65-QWHR

Vulnerability from github – Published: 2025-12-09 03:31 – Updated: 2025-12-09 03:31
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

perf tool x86: Fix perf_env memory leak

Found by leak sanitizer:

==1632594==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 21 byte(s) in 1 object(s) allocated from:
    #0 0x7f2953a7077b in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:439
    #1 0x556701d6fbbf in perf_env__read_cpuid util/env.c:369
    #2 0x556701d70589 in perf_env__cpuid util/env.c:465
    #3 0x55670204bba2 in x86__is_amd_cpu arch/x86/util/env.c:14
    #4 0x5567020487a2 in arch__post_evsel_config arch/x86/util/evsel.c:83
    #5 0x556701d8f78b in evsel__config util/evsel.c:1366
    #6 0x556701ef5872 in evlist__config util/record.c:108
    #7 0x556701cd6bcd in test__PERF_RECORD tests/perf-record.c:112
    #8 0x556701cacd07 in run_test tests/builtin-test.c:236
    #9 0x556701cacfac in test_and_print tests/builtin-test.c:265
    #10 0x556701cadddb in __cmd_test tests/builtin-test.c:402
    #11 0x556701caf2aa in cmd_test tests/builtin-test.c:559
    #12 0x556701d3b557 in run_builtin tools/perf/perf.c:323
    #13 0x556701d3bac8 in handle_internal_command tools/perf/perf.c:377
    #14 0x556701d3be90 in run_argv tools/perf/perf.c:421
    #15 0x556701d3c3f8 in main tools/perf/perf.c:537
    #16 0x7f2952a46189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 21 byte(s) leaked in 1 allocation(s).
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53793"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T01:16:50Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf tool x86: Fix perf_env memory leak\n\nFound by leak sanitizer:\n```\n==1632594==ERROR: LeakSanitizer: detected memory leaks\n\nDirect leak of 21 byte(s) in 1 object(s) allocated from:\n    #0 0x7f2953a7077b in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:439\n    #1 0x556701d6fbbf in perf_env__read_cpuid util/env.c:369\n    #2 0x556701d70589 in perf_env__cpuid util/env.c:465\n    #3 0x55670204bba2 in x86__is_amd_cpu arch/x86/util/env.c:14\n    #4 0x5567020487a2 in arch__post_evsel_config arch/x86/util/evsel.c:83\n    #5 0x556701d8f78b in evsel__config util/evsel.c:1366\n    #6 0x556701ef5872 in evlist__config util/record.c:108\n    #7 0x556701cd6bcd in test__PERF_RECORD tests/perf-record.c:112\n    #8 0x556701cacd07 in run_test tests/builtin-test.c:236\n    #9 0x556701cacfac in test_and_print tests/builtin-test.c:265\n    #10 0x556701cadddb in __cmd_test tests/builtin-test.c:402\n    #11 0x556701caf2aa in cmd_test tests/builtin-test.c:559\n    #12 0x556701d3b557 in run_builtin tools/perf/perf.c:323\n    #13 0x556701d3bac8 in handle_internal_command tools/perf/perf.c:377\n    #14 0x556701d3be90 in run_argv tools/perf/perf.c:421\n    #15 0x556701d3c3f8 in main tools/perf/perf.c:537\n    #16 0x7f2952a46189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nSUMMARY: AddressSanitizer: 21 byte(s) leaked in 1 allocation(s).\n```",
  "id": "GHSA-47vm-9f65-qwhr",
  "modified": "2025-12-09T03:31:11Z",
  "published": "2025-12-09T03:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53793"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/010139bfc6bb9ddab81dbc2cf71cd3a9c28adc7f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75d65c1cc439606ada882755fd205d13c2c7907d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99d4850062a84564f36923764bb93935ef2ed108"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3daf02a41e3c11e1a473517a8a6169248fb8e7b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.