Linux Kernel up to 5.10.176/5.15.104/6.1.21/6.2.8 perf_output_begin out-of-bounds

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.10.176/5.15.104/6.1.21/6.2.8. This impacts an unknown function. The manipulation of the argument perf_output_begin leads to out-of-bounds. This vulnerability is uniquely identified as CVE-2023-53065. No exploit exists. It is advisable to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.10.176/5.15.104/6.1.21/6.2.8. This issue affects an unknown functionality. The manipulation of the argument perf_output_begin with an unknown input leads to a out-of-bounds vulnerability. Using CWE to declare the problem leads to CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print_address_description.constprop.0+0x19/0x170 __kasan_report.cold+0x6c/0x84 kasan_report+0x3a/0x50 __perf_event_header__init_id+0x34/0x290 perf_event_header__init_id+0x48/0x60 perf_output_begin+0x4a4/0x560 perf_event_bpf_output+0x161/0x1e0 perf_iterate_sb_cpu+0x29e/0x340 perf_iterate_sb+0x4c/0xc0 perf_event_bpf_event+0x194/0x2c0 __bpf_prog_put.constprop.0+0x55/0xf0 __cls_bpf_delete_prog+0xea/0x120 [cls_bpf] cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf] process_one_work+0x3c2/0x730 worker_thread+0x93/0x650 kthread+0x1b8/0x210 ret_from_fork+0x1f/0x30 commit 267fb27352b6 ("perf: Reduce stack usage of perf_output_begin()") use on-stack struct perf_sample_data of the caller function. However, perf_event_bpf_output uses incorrect parameter to convert small-sized data (struct perf_bpf_event) into large-sized data (struct perf_sample_data), which causes memory overwriting occurs in __perf_event_header__init_id.
The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2023-53065 since 05/02/2025. The exploitation is known to be difficult. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 279319 (EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2025-2581)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 5.10.177, 5.15.105, 6.1.22 or 6.2.9 eliminates this vulnerability. Applying the patch ddcf8320003638a06eb1e46412e045d0c5701575/ac5f88642cb211152041f84a985309e9af4baf59/ff8137727a2af4ad5f6e6c8b9f7ec5e8db9da86c/3a776fddb4e5598c8bfcd4ad094fba34f9856fc9/eb81a2ed4f52be831c9fb879752d89645a312c13 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at Tenable (279319). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
- 5.10.176
- 5.15.104
- 6.1.0
- 6.1.1
- 6.1.2
- 6.1.3
- 6.1.4
- 6.1.5
- 6.1.6
- 6.1.7
- 6.1.8
- 6.1.9
- 6.1.10
- 6.1.11
- 6.1.12
- 6.1.13
- 6.1.14
- 6.1.15
- 6.1.16
- 6.1.17
- 6.1.18
- 6.1.19
- 6.1.20
- 6.1.21
- 6.2.0
- 6.2.1
- 6.2.2
- 6.2.3
- 6.2.4
- 6.2.5
- 6.2.6
- 6.2.7
- 6.2.8
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.2VulDB Meta Temp Score: 5.1
VulDB Base Score: 2.6
VulDB Temp Score: 2.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Out-of-boundsCWE: CWE-125 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 279319
Nessus Name: EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2025-2581)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 5.10.177/5.15.105/6.1.22/6.2.9
Patch: ddcf8320003638a06eb1e46412e045d0c5701575/ac5f88642cb211152041f84a985309e9af4baf59/ff8137727a2af4ad5f6e6c8b9f7ec5e8db9da86c/3a776fddb4e5598c8bfcd4ad094fba34f9856fc9/eb81a2ed4f52be831c9fb879752d89645a312c13
Timeline
05/02/2025 🔍05/02/2025 🔍
05/02/2025 🔍
12/19/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2023-53065 (🔍)
GCVE (CVE): GCVE-0-2023-53065
GCVE (VulDB): GCVE-100-307217
Entry
Created: 05/02/2025 19:48Updated: 12/19/2025 17:03
Changes: 05/02/2025 19:48 (58), 11/12/2025 22:47 (12), 12/19/2025 17:03 (2)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.