CVE-2023-53065: Vulnerability in the Linux kernel
Description
In the Linux kernel, the following vulnerability has been resolved:

perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output

syzkaller reports a KASAN issue with stack-out-of-bounds. The call trace is as follows:

dump_stack+0x9c/0xd3
print_address_description.constprop.0+0x19/0x170
__kasan_report.cold+0x6c/0x84
kasan_report+0x3a/0x50
__perf_event_header__init_id+0x34/0x290
perf_event_header__init_id+0x48/0x60
perf_output_begin+0x4a4/0x560
perf_event_bpf_output+0x161/0x1e0
perf_iterate_sb_cpu+0x29e/0x340
perf_iterate_sb+0x4c/0xc0
perf_event_bpf_event+0x194/0x2c0
__bpf_prog_put.constprop.0+0x55/0xf0
__cls_bpf_delete_prog+0xea/0x120 [cls_bpf]
cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf]
process_one_work+0x3c2/0x730
worker_thread+0x93/0x650
kthread+0x1b8/0x210
ret_from_fork+0x1f/0x30

commit 267fb27352b6 ("perf: Reduce stack usage of perf_output_begin()") uses the on-stack struct perf_sample_data of the caller function. However, perf_event_bpf_output uses an incorrect parameter to convert small-sized data (struct perf_bpf_event) into large-sized data (struct perf_sample_data), which causes memory overwriting in __perf_event_header__init_id.
AI Analysis
Technical Summary
CVE-2023-53065 is a stack memory corruption bug in the Linux kernel's perf subsystem, in the function perf_event_bpf_output. Since commit 267fb27352b6 ("perf: Reduce stack usage of perf_output_begin()"), perf_output_begin no longer keeps its own struct perf_sample_data on the stack; the caller must pass it one. perf_event_bpf_output does have such a struct on its stack, but it passed perf_output_begin the wrong pointer: the void *data callback argument, which actually points at the much smaller struct perf_bpf_event in the frame of its caller, perf_event_bpf_event. Because C converts void * to any object pointer silently, the compiler had nothing to flag. When perf_output_begin then calls perf_event_header__init_id, and through it __perf_event_header__init_id, to fill in the sample-id fields (type, pid/tid, time, id, stream id, CPU) of what it believes is a perf_sample_data, those stores run past the end of the small struct into neighbouring stack memory of the caller. syzkaller found the bug because the Kernel Address Sanitizer (KASAN) reported exactly that: a stack-out-of-bounds write in __perf_event_header__init_id. The call trace shows the path: a cls_bpf classifier is deleted from a kernel worker thread, __bpf_prog_put emits a PERF_RECORD_BPF_EVENT through perf_event_bpf_event, and perf_iterate_sb delivers it to every perf event that has attr.bpf_event set. Reaching the bug therefore needs a perf event subscribed to BPF side-band records plus a BPF program being released, and the stray writes only occur on the path where perf_output_begin must also emit a PERF_RECORD_LOST record because the ring buffer has dropped records. The values written are kernel-chosen sample-id fields (timestamps, event IDs, the worker's pid/tid), not attacker-supplied data, so the practical result is corruption of a kernel worker's stack, most likely a crash; privilege escalation is not excluded but would need considerably more than this write primitive. Kernels that contain commit 267fb27352b6 and not the fix are affected. No public exploit is known, and no CVSS score has been assigned.
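The shape of the bug and of its fix, as an added C illustration that is not the kernel's code or the patch. The structures bpf_event, sample_data and caller_frame, and the functions header_init_id, output_begin, bpf_output_vulnerable and bpf_output_fixed, are this example's own simplified stand-ins with made-up sizes and field names; the canary in caller_frame represents whatever happens to sit next to the small struct on the real caller's stack. bpf_output_vulnerable forwards the void * callback payload where a sample buffer is expected, bpf_output_fixed passes its own on-stack buffer, and the canary shows which of the two overwrites the neighbour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified models of the two kernel structures. Names loosely follow
 * kernel/events/core.c; sizes and layouts are this example's own. The only
 * property that matters is that the callback payload is much smaller than
 * the sample buffer. */
struct bpf_event {            /* small: lives on perf_event_bpf_event()'s stack */
    uint32_t header_type;
    uint16_t header_misc, header_size;
    uint16_t type, flags;
    uint32_t id;
};                            /* 16 bytes */

struct sample_data {          /* large: what perf_output_begin() expects */
    uint64_t sample_flags, period;
    uint64_t type;            /* offset 16: first field the header init writes */
    uint64_t tid_entry, time, id, stream_id, cpu_entry;
};                            /* 64 bytes */

_Static_assert(sizeof(struct bpf_event) < sizeof(struct sample_data),
               "the overflow exists because the callback payload is smaller");

/* Stand-in for the caller's stack frame: the small event plus whatever sits
 * next to it (the canary). The padding keeps the demo's stray writes inside
 * one object rather than on the real process stack. */
struct caller_frame {
    struct bpf_event ev;
    uint64_t canary;          /* offset 16, directly after the 16-byte event */
    uint64_t other_locals[8];
};

#define CANARY_INIT 0xfeedfacecafebeefULL
#define SAMPLE_TYPE 0x1234ULL /* stands in for event->attr.sample_type */

/* Models __perf_event_header__init_id(): fills the sample-id fields of *data.
 * It trusts its parameter type; nothing here can tell the pointer is wrong. */
__attribute__((noinline))
static void header_init_id(struct sample_data *data, uint64_t sample_type)
{
    data->type      = sample_type;
    data->tid_entry = 42;     /* kernel: pid/tid of current, a kworker here */
    data->time      = 1000;   /* kernel: perf_event_clock() */
    data->id        = 7;
    data->stream_id = 7;
    data->cpu_entry = 0;
}

/* Models perf_output_begin() after commit 267fb27352b6: it no longer owns a
 * sample_data and must be handed one by the caller. */
__attribute__((noinline))
static void output_begin(struct sample_data *data, uint64_t sample_type)
{
    header_init_id(data, sample_type);
}

/* Vulnerable shape of perf_event_bpf_output(). 'data' is the void * that the
 * side-band iterator hands to every callback and really points at the caller's
 * struct bpf_event. C converts void * to struct sample_data * silently, so the
 * compiler cannot object to the wrong argument. */
__attribute__((noinline))
static void bpf_output_vulnerable(void *data)
{
    struct sample_data sample;
    header_init_id(&sample, SAMPLE_TYPE);   /* correct: fills the real buffer */
    output_begin(data, SAMPLE_TYPE);        /* BUG: 'data' instead of '&sample' */
}

/* Fixed shape: pass the on-stack sample buffer, not the callback payload. */
__attribute__((noinline))
static void bpf_output_fixed(void *data)
{
    struct sample_data sample;
    (void)data;                             /* the payload is never a sample buffer */
    header_init_id(&sample, SAMPLE_TYPE);
    output_begin(&sample, SAMPLE_TYPE);
}

/* Run one variant against a fresh frame and return the canary afterwards. */
static uint64_t run(void (*variant)(void *))
{
    struct caller_frame frame;
    memset(&frame, 0, sizeof(frame));
    frame.canary = CANARY_INIT;
    variant(&frame.ev);       /* mirrors perf_iterate_sb() passing &bpf_event */
    return frame.canary;
}

uint64_t run_vulnerable(void) { return run(bpf_output_vulnerable); }
uint64_t run_fixed(void)      { return run(bpf_output_fixed); }

int main(void)
{
    uint64_t v = run_vulnerable(), f = run_fixed();
    printf("vulnerable: canary %s (0x%llx)\n", v == CANARY_INIT ? "intact" : "clobbered", (unsigned long long)v);
    printf("fixed:      canary %s (0x%llx)\n", f == CANARY_INIT ? "intact" : "clobbered", (unsigned long long)f);
    return 0;
}
```

Build with cc -O2 -Wall demo.c and run it: the vulnerable variant reports the canary replaced by the sample type value, the fixed variant leaves it intact, and -Wall says nothing about either, because the implicit void * conversion is legal C. The review habit this bug argues for is simple: whenever a callback's void *data parameter is forwarded to a function with a typed pointer parameter, confirm that the object behind it really has that type, since the compiler will not.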
Potential Impact
For European organizations, the exposure is the same as for any Linux user: every affected kernel in servers, cloud images, container hosts and embedded devices carries the bug whether or not perf tooling is used in production, because the perf subsystem is built into all distribution kernels. What the bug provides is a stack out-of-bounds write in a kernel worker thread with values the attacker does not choose. The realistic outcome is a kernel crash, that is, denial of service of the whole host and of every container running on it; privilege escalation would require turning the corrupted stack into control of execution, which nothing published so far demonstrates. Triggering it needs both the ability to open a perf event that subscribes to BPF side-band records and a BPF program being released, so on hosts where perf and BPF are restricted to root the bug is reachable only by already-privileged code. Sectors that run large Linux fleets (finance, telecommunications, government, critical infrastructure) are affected mainly through availability. No exploit is known, which lowers the immediate risk, but kernel memory corruption in an always-present subsystem belongs in the normal security patch cadence rather than on a deferred list.
Mitigation Recommendations
Update to a kernel that carries the fix for this issue; distribution kernels backport it under this CVE ID, so check the vendor advisory rather than the mainline version number. Until then, reduce who can reach the code path. The write only happens when a BPF program is freed while some perf event is subscribed to BPF side-band records, so restrict both sides: raise kernel.perf_event_paranoid (some distribution kernels accept the value 3, which disables unprivileged perf_event_open entirely), and keep kernel.unprivileged_bpf_disabled set to 1 or 2 (the default on most current distributions) so unprivileged users cannot load, and therefore cannot free, BPF programs. Audit which service accounts hold CAP_PERFMON, CAP_BPF or CAP_SYS_ADMIN, since those capabilities bypass both controls. KASLR, KPTI and lockdown mode do not prevent the write itself; they only make it harder to turn a crash into something worse, so treat them as defence in depth, not as a substitute for the patch. On detection: KASAN reports exist only on kernels built with CONFIG_KASAN, which production kernels are not, so on production systems watch for kernel oops or panic messages whose backtraces mention perf_event_bpf_output, perf_output_begin or __perf_event_header__init_id, and correlate them with BPF program unloads such as tc filter deletions. Containers share the host kernel, so patching the host covers every container on it; virtual machines run their own kernel, so each guest needs the patched kernel as well. Finally, keep performance monitoring tools and BPF program loading limited to the accounts that need them, and log their use.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-02T15:51:43.548Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9830c4522896dcbe6e8c
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 3:56:05 AM
Last updated: 7/31/2025, 9:20:21 AM