SB2025050418 - Use-after-free in Linux kernel trace
Published: May 4, 2025 Updated: May 10, 2025
Security Bulletin ID
SB2025050418
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-53075)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_rec() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9
- https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964
- https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8
- https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc
- https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283
- https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635
- https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504
- https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8