CVE-2023-52835: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

perf/core: Bail out early if the request AUX area is out of bound

When perf-record with a large AUX area, e.g. 4GB, it fails with:

    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
    failed to mmap with 12 (Cannot allocate memory)

and it reveals a WARNING with __alloc_pages():

    ------------[ cut here ]------------
    WARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248
    Call trace:
     __alloc_pages+0x1ec/0x248
     __kmalloc_large_node+0xc0/0x1f8
     __kmalloc_node+0x134/0x1e8
     rb_alloc_aux+0xe0/0x298
     perf_mmap+0x440/0x660
     mmap_region+0x308/0x8a8
     do_mmap+0x3c0/0x528
     vm_mmap_pgoff+0xf4/0x1b8
     ksys_mmap_pgoff+0x18c/0x218
     __arm64_sys_mmap+0x38/0x58
     invoke_syscall+0x50/0x128
     el0_svc_common.constprop.0+0x58/0x188
     do_el0_svc+0x34/0x50
     el0_svc+0x34/0x108
     el0t_64_sync_handler+0xb8/0xc0
     el0t_64_sync+0x1a4/0x1a8

'rb->aux_pages' allocated by kcalloc() is a pointer array which is used to maintain AUX trace pages. The allocated page for this array is physically contiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the size of pointer array crosses the limitation set by MAX_ORDER, it reveals a WARNING.

So bail out early with -ENOMEM if the request AUX area is out of bound, e.g.:

    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
    failed to mmap with 12 (Cannot allocate memory)
AI Analysis
Technical Summary
CVE-2023-52835 is a vulnerability in the Linux kernel's perf subsystem, in the handling of the AUX area during performance recording. The perf tool is widely used for performance analysis and profiling in Linux environments. The issue arises when perf-record requests a very large AUX area (e.g., 4GB) for tracing events. The kernel does not reject requests that exceed the limit defined by MAX_ORDER, which bounds the size of a physically contiguous memory allocation. When the request surpasses this limit, the allocation fails and __alloc_pages() emits a WARNING.

The root cause is that the pointer array 'rb->aux_pages', allocated via kcalloc(), is used to maintain AUX trace pages and must be physically contiguous. If the size of this array exceeds the maximum order, the allocation fails and the kernel logs a warning. The fix bails out early with -ENOMEM when the requested AUX area is out of bounds, so the kernel never attempts the invalid allocation.

This vulnerability does not appear to be exploitable for privilege escalation or arbitrary code execution, but it can cause perf-record to fail and generate kernel warnings, potentially impacting system stability or reliability during performance monitoring tasks. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
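The size arithmetic behind the 4GB failure, as an added user-space model (not the kernel's patch and not code from this page). It assumes 4 KiB pages, 8-byte pointers and a maximum order of 10, all of which depend on architecture and kernel configuration; every function and macro name is hypothetical. It goes one step beyond the description by also computing the largest AUX area that still passes the check under those assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this model; all three depend on arch and kernel config. */
#define MODEL_PAGE_SHIFT 12 /* 4 KiB pages (assumption) */
#define MODEL_MAX_ORDER  10 /* largest allocator order, inclusive (assumption) */
#define MODEL_PTR_SIZE   8  /* bytes per entry in rb->aux_pages on a 64-bit kernel */

/* Smallest order such that (page size << order) >= size. */
static unsigned int model_get_order(uint64_t size)
{
    uint64_t pages = (size + ((uint64_t)1 << MODEL_PAGE_SHIFT) - 1) >> MODEL_PAGE_SHIFT;
    unsigned int order = 0;
    while (((uint64_t)1 << order) < pages)
        order++;
    return order;
}

/* Bytes needed for the pointer array that tracks an AUX area of aux_bytes. */
static uint64_t aux_pages_array_bytes(uint64_t aux_bytes)
{
    return (aux_bytes >> MODEL_PAGE_SHIFT) * MODEL_PTR_SIZE;
}

/* Early bail-out: reject the request before any allocation is attempted. */
static int check_aux_request(uint64_t aux_bytes)
{
    if (model_get_order(aux_pages_array_bytes(aux_bytes)) > MODEL_MAX_ORDER)
        return -ENOMEM;
    return 0;
}

/* Largest AUX area whose pointer array still fits in one MAX_ORDER block. */
static uint64_t max_aux_bytes(void)
{
    uint64_t max_array = (uint64_t)1 << (MODEL_PAGE_SHIFT + MODEL_MAX_ORDER);
    return (max_array / MODEL_PTR_SIZE) << MODEL_PAGE_SHIFT;
}

int main(void)
{
    printf("4G request -> %d\n", check_aux_request((uint64_t)4 << 30));
    printf("2G request -> %d\n", check_aux_request((uint64_t)2 << 30));
    printf("largest accepted AUX area: %llu bytes\n", (unsigned long long)max_aux_bytes());
    return 0;
}
```

Under these assumptions a 4GB AUX area needs an 8 MiB pointer array (order 11), one order past the limit, which matches the `-m ,4G` failure in the description.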
Potential Impact
For European organizations, the impact of CVE-2023-52835 is primarily operational rather than security-critical. Organizations relying on Linux-based systems for performance monitoring and profiling, especially those using perf-record with large AUX areas, may experience failures or warnings that could disrupt performance analysis workflows. This could affect development, testing, and production environments where detailed performance tracing is essential. While it does not directly compromise confidentiality, integrity, or availability of systems, the inability to perform accurate performance profiling could hinder troubleshooting and optimization efforts, potentially leading to longer downtimes or degraded system performance. In high-availability or real-time systems common in sectors like finance, telecommunications, and critical infrastructure, such disruptions could have secondary effects. However, the vulnerability does not appear to allow attackers to gain unauthorized access or execute arbitrary code, limiting its direct security risk.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should ensure that their Linux kernel versions are updated to include the patch that implements the early bailout for out-of-bound AUX area requests. Specifically, kernel maintainers and system administrators should:
1) Monitor and apply Linux kernel updates promptly from trusted sources that address CVE-2023-52835.
2) Avoid configuring perf-record commands with excessively large AUX areas that exceed the MAX_ORDER limit, thereby preventing triggering the issue.
3) Implement monitoring for kernel warnings related to __alloc_pages() and perf to detect potential attempts to allocate large AUX areas.
4) For critical environments, consider restricting perf usage to trusted users or roles to minimize inadvertent triggering of the vulnerability.
5) Test performance monitoring tools after kernel updates to confirm that perf-record operates correctly without memory allocation failures.
These steps go beyond generic advice by focusing on configuration management, update discipline, and operational monitoring specific to this vulnerability.
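One way to implement the monitoring in item 3, as an added example rather than code from this page: it scans kernel log text for WARNING splats raised in __alloc_pages() whose call trace also passes through rb_alloc_aux and perf_mmap, the frames shown in the description. The sample log is constructed (the second splat and its `example_driver_probe` frame are invented), and the function name is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the first splat mirrors the trace in the CVE description,
 * the second is an unrelated allocation warning that must not match. */
static const char SAMPLE_LOG[] =
    "------------[ cut here ]------------\n"
    "WARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\n"
    " __kmalloc_large_node+0xc0/0x1f8\n"
    " rb_alloc_aux+0xe0/0x298\n"
    " perf_mmap+0x440/0x660\n"
    "------------[ cut here ]------------\n"
    "WARNING: CPU: 2 PID: 901 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\n"
    " __kmalloc_large_node+0xc0/0x1f8\n"
    " example_driver_probe+0x40/0x90\n";

/* Count WARNING splats raised in __alloc_pages whose call trace also contains
 * rb_alloc_aux and perf_mmap, i.e. an oversized perf AUX mmap request. */
static int count_perf_aux_warnings(const char *log)
{
    int hits = 0, alloc = 0, aux = 0, pmap = 0, counted = 0;

    for (const char *p = log; *p; ) {
        size_t len = strcspn(p, "\n");
        char line[256];
        size_t n = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
        memcpy(line, p, n);
        line[n] = '\0';

        if (strstr(line, "[ cut here ]"))
            alloc = aux = pmap = counted = 0;   /* a new splat starts */
        if (strstr(line, "WARNING:") && strstr(line, "__alloc_pages"))
            alloc = 1;
        if (strstr(line, "rb_alloc_aux+"))
            aux = 1;
        if (strstr(line, "perf_mmap+"))
            pmap = 1;
        if (alloc && aux && pmap && !counted) {
            hits++;                             /* count each splat once */
            counted = 1;
        }
        p += len + (p[len] == '\n');            /* step past the newline, if any */
    }
    return hits;
}

int main(void)
{
    printf("perf AUX allocation warnings: %d\n", count_perf_aux_warnings(SAMPLE_LOG));
    return 0;
}
```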
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-21T15:19:24.252Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9830c4522896dcbe76c2
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 7:28:18 AM
Last updated: 7/30/2025, 11:25:13 AM