CVE-2023-53065 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2023-53065?

CVE-2023-53065 has a CVSS score of 7.8 (HIGH). A stack-based buffer overflow vulnerability in the Linux kernel's perf subsystem allows local attackers to corrupt kernel memory. This affects Linux systems with BPF (Berkeley Packet Filter) enabled, potentially leading to privilege escalation or denial of service.

📋 TL;DR

A stack-based buffer overflow vulnerability in the Linux kernel's perf subsystem allows local attackers to corrupt kernel memory. This affects Linux systems with BPF (Berkeley Packet Filter) enabled, potentially leading to privilege escalation or denial of service.

💻 Affected Systems

Products:

Linux Kernel

Versions: Specific affected versions not explicitly stated in CVE, but references indicate multiple stable kernel versions were patched.

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires CONFIG_BPF_SYSCALL and CONFIG_PERF_EVENTS enabled (common in modern distributions).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context.

🟠

Likely Case

Kernel crash leading to denial of service, system instability, or information disclosure through memory corruption.

🟢

If Mitigated

Limited impact if BPF is disabled or access controls restrict local user privileges.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable from network.

🏢 Internal Only: MEDIUM - Local users or compromised services could exploit this for privilege escalation or DoS.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger perf_event_bpf_output. Syzkaller fuzzer discovered this issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes: 3a776fddb4e5598c8bfcd4ad094fba34f9856fc9 and others referenced

Vendor Advisory: https://git.kernel.org/stable/c/3a776fddb4e5598c8bfcd4ad094fba34f9856fc9

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable BPF subsystem

linux

Disable BPF functionality to prevent exploitation

echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled
sysctl -w kernel.unprivileged_bpf_disabled=1

Restrict perf_event access

linux

Limit perf_event usage to privileged users only

sysctl -w kernel.perf_event_paranoid=3

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges
Monitor for unusual perf_event or BPF-related system calls

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution's patched versions. Vulnerable if using unpatched kernel with BPF enabled.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches patched version from vendor. Check that perf_event_bpf_output functions correctly without crashes.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
KASAN stack-out-of-bounds reports
perf subsystem crashes in dmesg

Network Indicators:

None - local exploitation only

SIEM Query:

Search for: 'KASAN: stack-out-of-bounds', 'perf_event_bpf_output', or kernel panic events

📊 Metadata

CVE ID: CVE-2023-53065

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.02% exploit probability (5.8th percentile)

Published: May 2, 2025

Last Updated: November 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53065, you might also want to check these: