Bug 2355499 (CVE-2023-53007) - CVE-2023-53007 kernel: tracing: Make sure trace_printk() can output as soon as it can be used
Summary: CVE-2023-53007 kernel: tracing: Make sure trace_printk() can output as soon a...
Keywords:
Status: NEW
Alias: CVE-2023-53007
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-03-27 17:04 UTC by OSIDB Bzimport
Modified: 2025-03-27 21:20 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-03-27 17:04:23 UTC 
In the Linux kernel, the following vulnerability has been resolved:

tracing: Make sure trace_printk() can output as soon as it can be used

Currently trace_printk() can be used as soon as early_trace_init() is
called from start_kernel(). But if a crash happens, and
"ftrace_dump_on_oops" is set on the kernel command line, all you get will
be:

  [    0.456075]   <idle>-0         0dN.2. 347519us : Unknown type 6
  [    0.456075]   <idle>-0         0dN.2. 353141us : Unknown type 6
  [    0.456075]   <idle>-0         0dN.2. 358684us : Unknown type 6

This is because the trace_printk() event (type 6) hasn't been registered
yet. That gets done via an early_initcall(), which may be early, but not
early enough.

Instead of registering the trace_printk() event (and other ftrace events,
which are not trace events) via an early_initcall(), have them registered at
the same time that trace_printk() can be used. This way, if there is a
crash before early_initcall(), then the trace_printk()s will actually be
useful.
Comment 1 Robb Gatica 2025-03-27 21:15:41 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025032713-CVE-2023-53007-6ed4@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.