CVE-2023-54211

Published: Dic 30, 2025 Last Modified: Dic 31, 2025

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix warning in trace_buffered_event_disable()

Warning happened in trace_buffered_event_disable() at
WARN_ON_ONCE(!trace_buffered_event_ref)

Call Trace:
? __warn+0xa5/0x1b0
? trace_buffered_event_disable+0x189/0x1b0
__ftrace_event_enable_disable+0x19e/0x3e0
free_probe_data+0x3b/0xa0
unregister_ftrace_function_probe_func+0x6b8/0x800
event_enable_func+0x2f0/0x3d0
ftrace_process_regex.isra.0+0x12d/0x1b0
ftrace_filter_write+0xe6/0x140
vfs_write+0x1c9/0x6f0
[...]

The cause of the warning is in __ftrace_event_enable_disable(),
trace_buffered_event_enable() was called once while
trace_buffered_event_disable() was called twice.
Reproduction script show as below, for analysis, see the comments:
```
#!/bin/bash

cd /sys/kernel/tracing/

# 1. Register a 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was set;
# 2) trace_buffered_event_enable() was called first time;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter

# 2. Enable the event registered, then:
# 1) SOFT_DISABLED_BIT was cleared;
# 2) trace_buffered_event_disable() was called first time;
echo 1 > events/initcall/initcall_finish/enable

# 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
# set again!!!
cat /proc/cmdline

# 4. Unregister the 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was cleared again;
# 2) trace_buffered_event_disable() was called second time!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
```

To fix it, IIUC, we can change to call trace_buffered_event_enable() at
fist time soft-mode enabled, and call trace_buffered_event_disable() at
last time soft-mode disabled.

AI Generated Translation

Nel kernel Linux, è stata risolta la seguente vulnerabilità:

tracing: Correzione di un warning in trace_buffered_event_disable()

Il warning si verificava in trace_buffered_event_disable() in corrispondenza di
WARN_ON_ONCE(!trace_buffered_event_ref)

La causa del warning risiede in __ftrace_event_enable_disable(), in quanto trace_buffered_event_enable() veniva chiamata una volta mentre trace_buffered_event_disable() veniva chiamata due volte. Lo script di riproduzione mostrato di seguito, per analisi, con commenti:
```
#!/bin/bash

cd /sys/kernel/tracing/

# 1. Si registra un comando 'disable_event', quindi:
# 1) viene impostato SOFT_DISABLED_BIT;
# 2) viene chiamata trace_buffered_event_enable() per la prima volta;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter

# 2. Si abilita l'evento registrato, quindi:
# 1) viene cancellato SOFT_DISABLED_BIT;
# 2) viene chiamata trace_buffered_event_disable() per la prima volta;
echo 1 > events/initcall/initcall_finish/enable

# 3. Si tenta di chiamare cmdline_proc_show(), quindi SOFT_DISABLED_BIT viene
# impostato di nuovo!!!
cat /proc/cmdline

# 4. Si deregistra il comando 'disable_event', quindi:
# 1) SOFT_DISABLED_BIT viene cancellato di nuovo;
# 2) viene chiamata trace_buffered_event_disable() per la seconda volta!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
```

Per risolvere, a mio avviso, possiamo modificare il comportamento chiamando trace_buffered_event_enable() alla prima attivazione in modalità soft, e trace_buffered_event_disable() all'ultima disattivazione in modalità soft.