LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53075: ftrace: Fix invalid address access in lookup_rec() when index is 0

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly added to ftrace_pages_start in ftrace_process_locs(). Before the first pg->index++, index is 0 and accessing pg->records[-1].ip will cause this problem. Don't check the ip when pg->index is 0.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2023-53075 is a Linux kernel memory safety bug in ftrace, a kernel tracing component. Under a specific index-zero condition, the kernel can read before an allocated records array. Public sources describe a KASAN-detected use-after-free, not confirmed real-world exploitation.

Executive priority

Treat as a routine but important Linux kernel maintenance item. There is no public evidence of exploitation, but kernel memory bugs can affect system stability and security boundaries. Patch through normal kernel update cycles, faster for multi-user or high-assurance systems.

Technical view

In lookup_rec(), ftrace checked pg->records[pg->index - 1].ip even when pg->index was 0, causing access to records[-1]. The reported trace involves modprobe, ftrace_location, arch_check_ftrace_location, check_kprobe_address_safe, and register_kprobe. The fix avoids the IP check when index is 0.

Likely exposure

Exposure is Linux systems running affected kernel versions identified by the CVE data, including listed 4.14.311, 4.19.279, 5.4.238, 5.10.176, 5.15.104, 6.1.21, 6.2.8, and 6.3 lines. Distribution backports may change status.

Exploitation context

The source bundle does not show CISA KEV listing or active exploitation. The known trigger context is kernel tracing and kprobe registration paths, observed by KASAN during modprobe activity. Public data does not establish remote exploitability or practical exploitation requirements.

Researcher notes

The available record lacks CVSS, CWE, and exploitability detail. Analysis should focus on the ftrace lookup_rec boundary condition and affected branch mapping. Avoid assuming privilege escalation or remote attack without additional vendor or upstream evidence.

Mitigation direction

  • Update to a vendor-supported kernel containing the referenced stable ftrace fixes.
  • Use distribution advisories to confirm whether fixes were backported to your kernel build.
  • Prioritize shared Linux systems and hosts where kernel tracing or kprobes are used.
  • If no vendor package exists, track the cited upstream stable commits.

Validation and detection

  • Inventory Linux kernel versions across servers, endpoints, containers hosts, and appliances.
  • Compare installed kernel builds against distribution advisories for CVE-2023-53075.
  • Check whether your kernel includes the cited stable commit for its branch.
  • Review kernel logs for KASAN or ftrace lookup_rec warnings, if KASAN kernels are used.
Prepared
Confidence
high
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53075 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
9Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux9644302e3315e7e36495d230d5ac7125a316d33e, 9644302e3315e7e36495d230d5ac7125a316d33e, 9644302e3315e7e36495d230d5ac7125a316d33e, 9644302e3315e7e36495d230d5ac7125a316d33e, 9644302e3315e7e36495d230d5ac7125a316d33e, 9644302e3315e7e36495d230d5ac7125a316d33e, 9644302e3315e7e36495d230d5ac7125a316d33e, 9644302e3315e7e36495d230d5ac7125a316d33eunaffected
LinuxLinux3.5, 0, 4.14.311, 4.19.279, 5.4.238, 5.10.176, 5.15.104, 6.1.21, 6.2.8, 6.3affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.