CVE-2023-53167

5.5 MEDIUM

📋 TL;DR

A null pointer dereference vulnerability in the Linux kernel's tracing subsystem allows local users to cause a kernel panic by performing an lseek operation on the /sys/kernel/tracing/error_log file opened with write-only permissions. This affects Linux systems with tracefs enabled, requiring local access and root privileges for exploitation.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not explicitly stated; likely affects multiple stable kernel versions before the fix commits.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires tracefs enabled (common in modern kernels) and access to /sys/kernel/tracing/error_log node.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local denial of service causing kernel panic and system crash, requiring physical or remote console access to reboot.

🟠 Likely Case

Limited impact due to requirement for root privileges; potential for local DoS in multi-user systems where root users could crash the system.

🟢 If Mitigated

Minimal impact with proper privilege separation and monitoring of root user activities.

🌐 Internet-Facing: LOW - Requires local access and root privileges; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local root users could intentionally or accidentally crash systems, affecting availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires root privileges and specific sequence: open error_log with write-only permissions, then perform lseek operation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 02b0095e2fbbc060560c1065f86a211d91e27b26, 1e1c9aa9288a46c342f0f2c5c0b1c0876b9b0276, 3b5d9b7b875968a8a8c99dac45cb85b705c44802, 7060e5aac6dc195124c106f49106d653a416323a, or 93114cbc7cb169f6f26eeaed5286b91bb86b463b

Vendor Advisory: https://git.kernel.org/stable/c/02b0095e2fbbc060560c1065f86a211d91e27b26

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict tracefs access

all

Limit access to tracefs directory to prevent unauthorized users from accessing error_log node.

chmod 700 /sys/kernel/tracing
chown root:root /sys/kernel/tracing

Disable tracefs if not needed

all

Remove tracefs mount if tracing functionality is not required.

umount /sys/kernel/tracing

🧯 If You Can't Patch

  • Implement strict root access controls and monitoring
  • Disable unnecessary tracing features via kernel boot parameters

🔍 How to Verify

Check if Vulnerable:

Check if /sys/kernel/tracing/error_log exists and current kernel version matches affected range.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits or is newer than patched versions.
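An added example (not part of the original advisory) for the "Check if Vulnerable" step and the tracefs workarounds above: it lists every tracefs mount, since tracefs can be mounted at more than one path (the kernel documentation describes a compatibility mount under /sys/kernel/debug/tracing), and reports whether error_log is present and whether the directory mode matches the chmod 700 workaround. The function names and output words are assumptions of this example; run it as root so the node is visible.

```shell
#!/bin/sh
# Added example: enumerate tracefs mounts and report error_log exposure.

# Print the mount point of every tracefs entry in a /proc/mounts-format file.
tracefs_mounts() {
    awk '$3 == "tracefs" { print $2 }' "${1:-/proc/mounts}"
}

# For each tracefs mount print "<path> <state>", where state is
#   no-error_log : the node is absent (or not visible) under that mount
#   restricted   : directory has no group/other permission bits (e.g. 700)
#   open         : group or other still has some access to the directory
audit_tracefs() {
    tracefs_mounts "$1" | while IFS= read -r mnt; do
        if [ ! -e "$mnt/error_log" ]; then
            echo "$mnt no-error_log"
            continue
        fi
        mode=$(stat -c '%a' "$mnt")   # GNU stat: octal mode such as 700
        case "$mode" in
            *00|0) echo "$mnt restricted" ;;
            *)     echo "$mnt open" ;;
        esac
    done
}

# Audit the running system (reads /proc/mounts when no file is given).
audit_tracefs
```

Compare the result with `uname -r` and your distribution's advisory for the fix commits. The mode check only reflects the chmod workaround; it does not constrain processes that already run as root.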

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages referencing 'tracing_err_log_open' or 'seq_lseek'
  • NULL pointer dereference at address 0000000000000038 in kernel logs

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="kernel" AND ("tracing_err_log_open" OR "seq_lseek" OR "NULL pointer dereference")
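An added example (not from the original advisory): the query above ORs its terms, so any NULL pointer dereference matches. This sketch instead requires the dereference and one of the tracing symbols to appear inside the same oops report. The sample log lines are constructed for illustration, and the function names and output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: correlate the page's log indicators inside one oops report.

# Constructed sample input: two oops reports, only the first fits the signature.
sample_log() {
cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000038
[  101.000002] RIP: 0010:mutex_lock+0x1e/0x40
[  101.000003] Call Trace:
[  101.000004]  seq_lseek+0x2a/0xc0
[  101.000005]  ksys_lseek+0x6b/0xb0
[  101.000006] ---[ end trace 0000000000000000 ]---
[  202.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  202.000002] Call Trace:
[  202.000003]  example_driver_read+0x11/0x50
[  202.000004] ---[ end trace 0000000000000000 ]---
EOF
}

# Read kernel log text on stdin (e.g. from dmesg or journalctl -k).
# Prints one MATCH line per correlated oops; exit status 0 if any matched.
scan_oops() {
    awk '
    function report() {
        # Flag only when a tracing symbol appeared inside this oops.
        if (sym != "") {
            printf "MATCH line=%d offset38=%s symbol=%s\n", start, off38, sym
            found = 1
        }
        in_oops = 0
    }
    /BUG: kernel NULL pointer dereference/ {
        if (in_oops) report()          # previous report was cut short
        in_oops = 1; start = NR; sym = ""
        off38 = ($0 ~ /address: 0000000000000038/) ? "yes" : "no"
        next
    }
    in_oops && sym == "" && match($0, /tracing_err_log_open|seq_lseek/) {
        sym = substr($0, RSTART, RLENGTH)
    }
    in_oops && /---\[ end trace/ { report() }
    END {
        if (in_oops) report()          # a panic can truncate the log
        exit (found ? 0 : 1)
    }
    '
}

sample_log | scan_oops
```

On a live host, feed it the kernel ring buffer or the persisted log from the previous boot, since a panic reboots the machine before the current buffer can be read.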
