CVE-2023-54171
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel Tracing Component via trace_pipe

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak of iter->temp when reading trace_pipe kmemleak reports: unreferenced object 0xffff88814d14e200 (size 256): comm "cat", pid 336, jiffies 4294871818 (age 779.490s) hex dump (first 32 bytes): 04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................ 0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z...... backtrace: [<ffffffff9bdff18f>] __kmalloc+0x4f/0x140 [<ffffffff9bc9238b>] trace_find_next_entry+0xbb/0x1d0 [<ffffffff9bc9caef>] trace_print_lat_context+0xaf/0x4e0 [<ffffffff9bc94490>] print_trace_line+0x3e0/0x950 [<ffffffff9bc95499>] tracing_read_pipe+0x2d9/0x5a0 [<ffffffff9bf03a43>] vfs_read+0x143/0x520 [<ffffffff9bf04c2d>] ksys_read+0xbd/0x160 [<ffffffff9d0f0edf>] do_syscall_64+0x3f/0x90 [<ffffffff9d2000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 when reading file 'trace_pipe', 'iter->temp' is allocated or relocated in trace_find_next_entry() but not freed before 'trace_pipe' is closed. To fix it, free 'iter->temp' in tracing_release_pipe().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54171
EUVD
EUVD-2023-60470
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's tracing subsystem. Specifically, when reading from the 'trace_pipe' file, a temporary memory allocation ('iter->temp') is made in the function trace_find_next_entry() but is not freed when 'trace_pipe' is closed. This causes unreferenced memory to remain allocated, leading to a memory leak. The fix involves freeing this temporary memory in the tracing_release_pipe() function.

Impact Analysis

The memory leak can cause increased memory usage over time when reading from 'trace_pipe', potentially leading to resource exhaustion or degraded system performance. This could affect system stability, especially on systems that heavily use kernel tracing features.

Mitigation Strategies

To mitigate this vulnerability, update your Linux kernel to a version where the fix has been applied. The fix involves freeing 'iter->temp' in tracing_release_pipe() to prevent memory leaks when reading 'trace_pipe'. Applying the latest kernel patches or updates that address this issue is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54171. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart