CVE-2023-54211
In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix warning in trace_buffered_event_disable()

Warning happened in trace_buffered_event_disable() at
WARN_ON_ONCE(!trace_buffered_event_ref)

Call Trace:
```
? __warn+0xa5/0x1b0
? trace_buffered_event_disable+0x189/0x1b0
__ftrace_event_enable_disable+0x19e/0x3e0
free_probe_data+0x3b/0xa0
unregister_ftrace_function_probe_func+0x6b8/0x800
event_enable_func+0x2f0/0x3d0
ftrace_process_regex.isra.0+0x12d/0x1b0
ftrace_filter_write+0xe6/0x140
vfs_write+0x1c9/0x6f0
[...]
```

The cause of the warning is in __ftrace_event_enable_disable(): trace_buffered_event_enable() was called once while trace_buffered_event_disable() was called twice. Reproduction script is shown below; for analysis, see the comments:

```
#!/bin/bash

cd /sys/kernel/tracing/

# 1. Register a 'disable_event' command, then:
#    1) SOFT_DISABLED_BIT was set;
#    2) trace_buffered_event_enable() was called first time;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
    set_ftrace_filter

# 2. Enable the event registered, then:
#    1) SOFT_DISABLED_BIT was cleared;
#    2) trace_buffered_event_disable() was called first time;
echo 1 > events/initcall/initcall_finish/enable

# 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
#    set again!!!
cat /proc/cmdline

# 4. Unregister the 'disable_event' command, then:
#    1) SOFT_DISABLED_BIT was cleared again;
#    2) trace_buffered_event_disable() was called second time!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
    set_ftrace_filter
```

To fix it, IIUC, we can change to call trace_buffered_event_enable() at first time soft-mode enabled, and call trace_buffered_event_disable() at last time soft-mode disabled.
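The imbalance described above, replayed in a small user-space C model. This is an added example, not kernel code and not part of the patch. `struct model`, `apply()` and `replay()` are hypothetical names, and the pre-fix behaviour is assumed from the script's comments (enable/disable tied to SOFT_DISABLED_BIT transitions).

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model built from the description above (assumption).
 * The enum order is the order of the four steps in the reproduction script. */
enum step { REGISTER_PROBE, USER_ENABLE, PROBE_FIRES, UNREGISTER_PROBE };

struct model {
    bool soft_disabled;  /* stands in for SOFT_DISABLED_BIT */
    int sm_ref;          /* soft-mode users, used by the fixed policy */
    int buffered_ref;    /* stands in for trace_buffered_event_ref */
    int warnings;        /* disable calls made while buffered_ref == 0 */
};

/* A disable at zero is the WARN_ON_ONCE(!trace_buffered_event_ref) case. */
static void buffered_disable(struct model *m)
{
    if (m->buffered_ref == 0) m->warnings++;
    else m->buffered_ref--;
}

/* fixed == false: enable/disable follow SOFT_DISABLED_BIT transitions.
 * fixed == true: enable on first soft-mode user, disable on the last one. */
static void apply(struct model *m, enum step s, bool fixed)
{
    bool was_set = m->soft_disabled;

    m->soft_disabled = (s == REGISTER_PROBE || s == PROBE_FIRES);
    if (s == REGISTER_PROBE && (fixed ? (++m->sm_ref == 1) : !was_set))
        m->buffered_ref++;
    else if (s == USER_ENABLE && !fixed && was_set)
        buffered_disable(m);
    else if (s == UNREGISTER_PROBE && (fixed ? (--m->sm_ref == 0) : was_set))
        buffered_disable(m);
    /* PROBE_FIRES only sets the bit: no refcount change in either policy. */
}

/* Replays the four steps of the reproduction script and returns the state. */
static struct model replay(bool fixed)
{
    struct model m = {0};
    for (int s = REGISTER_PROBE; s <= UNREGISTER_PROBE; s++)
        apply(&m, (enum step)s, fixed);
    return m;
}

int main(void)
{
    printf("old warnings=%d, fixed warnings=%d\n",
           replay(false).warnings, replay(true).warnings);
    return 0;
}
```

Under the old policy the second disable arrives with the counter already at zero; counting soft-mode users instead keeps one enable paired with one disable regardless of how often the bit flips in between.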
Affected versions
Linux kernel versions 4.7 and later are affected. Fixed in 4.14.322, 4.19.291, 5.4.253, 5.10.190, 5.15.124, 6.1.43, 6.4.8, 6.5 and their respective stable series.
References
The following references provide additional information about CVE-2023-54211 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- [Patch] Kernel patch commit: https://git.kernel.org/stable/c/1488d782c9e43087a3f341b8186cd25f3cf75583
- [Patch] Kernel patch commit: https://git.kernel.org/stable/c/528c9d73153754defb748f0b96ad33308668d817
- [Patch] Kernel patch commit: https://git.kernel.org/stable/c/813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20
Frequently asked questions
- What is CVE-2023-54211?
  CVE-2023-54211 is a Linux kernel vulnerability that has not been assigned a severity score. It affects Linux kernel versions from 4.7 onward and has been patched in 4.14.322, 4.19.291, 5.4.253 and others. CVE-2023-54211 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2023-54211?
  Yes, CVE-2023-54211 has been patched. Fixed versions include 4.14.322, 4.19.291, 5.4.253 and others. If you are running Linux kernel 4.7 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2023-54211 actively exploited?
  No, CVE-2023-54211 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.