AZL-71230

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71230.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-71230

Upstream

CVE-2023-53221

Published

2025-09-15T15:15:48Z

Modified

2026-04-01T05:22:30.757350Z

Summary

CVE-2023-53221 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix memleak due to fentry attach failure

If it fails to attach fentry, the allocated bpf trampoline image will be left in the system. That can be verified by checking /proc/kallsyms.

This meamleak can be verified by a simple bpf program as follows:

SEC("fentry/trapinit") int fentryrun() { return 0; }

It will fail to attach trap_init because this function is freed after kernel init, and then we can find the trampoline image is left in the system by checking /proc/kallsyms.

$ tail /proc/kallsyms ffffffffc0613000 t bpftrampoline64424534661 [bpf] ffffffffc06c3000 t bpftrampoline64424534661 [bpf]

$ bpftool btf dump file /sys/kernel/btf/vmlinux | grep "FUNC 'trapinit'" [2522] FUNC 'trapinit' type_id=119 linkage=static

$ echo $((6442453466 & 0x7fffffff)) 2522

Note that there are two left bpf trampoline images, that is because the libbpf will fallback to raw tracepoint if -EINVAL is returned.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-53221

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71230.json"