{"id":"CVE-2023-54211","summary":"tracing: Fix warning in trace_buffered_event_disable()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix warning in trace_buffered_event_disable()\n\nWarning happened in trace_buffered_event_disable() at\n  WARN_ON_ONCE(!trace_buffered_event_ref)\n\n  Call Trace:\n   ? __warn+0xa5/0x1b0\n   ? trace_buffered_event_disable+0x189/0x1b0\n   __ftrace_event_enable_disable+0x19e/0x3e0\n   free_probe_data+0x3b/0xa0\n   unregister_ftrace_function_probe_func+0x6b8/0x800\n   event_enable_func+0x2f0/0x3d0\n   ftrace_process_regex.isra.0+0x12d/0x1b0\n   ftrace_filter_write+0xe6/0x140\n   vfs_write+0x1c9/0x6f0\n   [...]\n\nThe cause of the warning is in __ftrace_event_enable_disable(),\ntrace_buffered_event_enable() was called once while\ntrace_buffered_event_disable() was called twice.\nReproduction script show as below, for analysis, see the comments:\n ```\n #!/bin/bash\n\n cd /sys/kernel/tracing/\n\n # 1. Register a 'disable_event' command, then:\n #    1) SOFT_DISABLED_BIT was set;\n #    2) trace_buffered_event_enable() was called first time;\n echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' \u003e \\\n     set_ftrace_filter\n\n # 2. Enable the event registered, then:\n #    1) SOFT_DISABLED_BIT was cleared;\n #    2) trace_buffered_event_disable() was called first time;\n echo 1 \u003e events/initcall/initcall_finish/enable\n\n # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was\n #    set again!!!\n cat /proc/cmdline\n\n # 4. Unregister the 'disable_event' command, then:\n #    1) SOFT_DISABLED_BIT was cleared again;\n #    2) trace_buffered_event_disable() was called second time!!!\n echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' \u003e \\\n     set_ftrace_filter\n ```\n\nTo fix it, IIUC, we can change to call trace_buffered_event_enable() at\nfist time soft-mode enabled, and call trace_buffered_event_disable() at\nlast time soft-mode disabled.","modified":"2026-03-31T17:29:56.474316491Z","published":"2025-12-30T12:11:09.356Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54211.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1488d782c9e43087a3f341b8186cd25f3cf75583"},{"type":"WEB","url":"https://git.kernel.org/stable/c/528c9d73153754defb748f0b96ad33308668d817"},{"type":"WEB","url":"https://git.kernel.org/stable/c/813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a3a3c7bddab9b6c5690b20796ef5e332b8c48afb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b4f4ab423107dc1ba8e9cc6488c645be6403d3f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cdcc35e6454133feb61561b4e0d0c80e52cbc2ba"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dea499781a1150d285c62b26659f62fb00824fce"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54211.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54211"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9"},{"fixed":"1488d782c9e43087a3f341b8186cd25f3cf75583"},{"fixed":"b4f4ab423107dc1ba8e9cc6488c645be6403d3f5"},{"fixed":"cdcc35e6454133feb61561b4e0d0c80e52cbc2ba"},{"fixed":"a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074"},{"fixed":"813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20"},{"fixed":"a3a3c7bddab9b6c5690b20796ef5e332b8c48afb"},{"fixed":"528c9d73153754defb748f0b96ad33308668d817"},{"fixed":"dea499781a1150d285c62b26659f62fb00824fce"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54211.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.7.0"},{"fixed":"4.14.322"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.291"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.190"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.124"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.43"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54211.json"}}],"schema_version":"1.7.5"}