CVE-2023-53065
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53065
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53065.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53065
- Downstream
- Related
- Published
- 2025-05-02T15:55:18.789Z
- Modified
- 2025-11-26T19:33:31.228297Z
- Summary
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Fix perfoutputbegin parameter is incorrectly invoked in perfeventbpf_output
syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dumpstack+0x9c/0xd3 printaddressdescription.constprop.0+0x19/0x170 kasanreport.cold+0x6c/0x84 kasanreport+0x3a/0x50 _perfeventheaderinitid+0x34/0x290 perfeventheaderinitid+0x48/0x60 perfoutputbegin+0x4a4/0x560 perfeventbpfoutput+0x161/0x1e0 perfiteratesbcpu+0x29e/0x340 perfiteratesb+0x4c/0xc0 perfeventbpfevent+0x194/0x2c0 _bpfprogput.constprop.0+0x55/0xf0 _clsbpfdeleteprog+0xea/0x120 [clsbpf] clsbpfdeleteprogwork+0x1c/0x30 [clsbpf] processonework+0x3c2/0x730 workerthread+0x93/0x650 kthread+0x1b8/0x210 retfrom_fork+0x1f/0x30
commit 267fb27352b6 ("perf: Reduce stack usage of perfoutputbegin()") use on-stack struct perfsampledata of the caller function.
However, perfeventbpfoutput uses incorrect parameter to convert small-sized data (struct perfbpfevent) into large-sized data (struct perfsampledata), which causes memory overwriting occurs in perfeventheaderinitid.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/9c3874e559580d6c6ec8d449812ac11277724770/cves/2023/53xxx/CVE-2023-53065.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3a776fddb4e5598c8bfcd4ad094fba34f9856fc9
- https://git.kernel.org/stable/c/ac5f88642cb211152041f84a985309e9af4baf59
- https://git.kernel.org/stable/c/ddcf8320003638a06eb1e46412e045d0c5701575
- https://git.kernel.org/stable/c/eb81a2ed4f52be831c9fb879752d89645a312c13
- https://git.kernel.org/stable/c/ff8137727a2af4ad5f6e6c8b9f7ec5e8db9da86c
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced267fb27352b6fc9fdbad753127a239f75618ecbcFixedddcf8320003638a06eb1e46412e045d0c5701575
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced267fb27352b6fc9fdbad753127a239f75618ecbcFixedac5f88642cb211152041f84a985309e9af4baf59
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced267fb27352b6fc9fdbad753127a239f75618ecbcFixedff8137727a2af4ad5f6e6c8b9f7ec5e8db9da86c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced267fb27352b6fc9fdbad753127a239f75618ecbcFixed3a776fddb4e5598c8bfcd4ad094fba34f9856fc9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced267fb27352b6fc9fdbad753127a239f75618ecbcFixedeb81a2ed4f52be831c9fb879752d89645a312c13