{"id":"AZL-71230","summary":"CVE-2023-53221 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memleak due to fentry attach failure\n\nIf it fails to attach fentry, the allocated bpf trampoline image will be\nleft in the system. That can be verified by checking /proc/kallsyms.\n\nThis meamleak can be verified by a simple bpf program as follows:\n\n  SEC(\"fentry/trap_init\")\n  int fentry_run()\n  {\n      return 0;\n  }\n\nIt will fail to attach trap_init because this function is freed after\nkernel init, and then we can find the trampoline image is left in the\nsystem by checking /proc/kallsyms.\n\n  $ tail /proc/kallsyms\n  ffffffffc0613000 t bpf_trampoline_6442453466_1  [bpf]\n  ffffffffc06c3000 t bpf_trampoline_6442453466_1  [bpf]\n\n  $ bpftool btf dump file /sys/kernel/btf/vmlinux | grep \"FUNC 'trap_init'\"\n  [2522] FUNC 'trap_init' type_id=119 linkage=static\n\n  $ echo $((6442453466 & 0x7fffffff))\n  2522\n\nNote that there are two left bpf trampoline images, that is because the\nlibbpf will fallback to raw tracepoint if -EINVAL is returned.","modified":"2026-04-01T05:22:30.757350Z","published":"2025-09-15T15:15:48Z","upstream":["CVE-2023-53221"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53221"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71230.json"}}],"schema_version":"1.7.5"}