CVE-2023-53793
Description
In the Linux kernel, the following vulnerability has been resolved:
perf tool x86: Fix perf_env memory leak
Found by leak sanitizer: `` ==1632594==ERROR: LeakSanitizer: detected memory leaks Direct leak of 21 byte(s) in 1 object(s) allocated from: #0 0x7f2953a7077b in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:439 #1 0x556701d6fbbf in perf_env__read_cpuid util/env.c:369 #2 0x556701d70589 in perf_env__cpuid util/env.c:465 #3 0x55670204bba2 in x86__is_amd_cpu arch/x86/util/env.c:14 #4 0x5567020487a2 in arch__post_evsel_config arch/x86/util/evsel.c:83 #5 0x556701d8f78b in evsel__config util/evsel.c:1366 #6 0x556701ef5872 in evlist__config util/record.c:108 #7 0x556701cd6bcd in test__PERF_RECORD tests/perf-record.c:112 #8 0x556701cacd07 in run_test tests/builtin-test.c:236 #9 0x556701cacfac in test_and_print tests/builtin-test.c:265 #10 0x556701cadddb in __cmd_test tests/builtin-test.c:402 #11 0x556701caf2aa in cmd_test tests/builtin-test.c:559 #12 0x556701d3b557 in run_builtin tools/perf/perf.c:323 #13 0x556701d3bac8 in handle_internal_command tools/perf/perf.c:377 #14 0x556701d3be90 in run_argv tools/perf/perf.c:421 #15 0x556701d3c3f8 in main tools/perf/perf.c:537 #16 0x7f2952a46189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 21 byte(s) leaked in 1 allocation(s). ``
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in Linux kernel's perf tool on x86 when reading CPUID, causing 21-byte leak per call.
Vulnerability
Analysis
CVE-2023-53793 is a memory leak vulnerability in the Linux kernel's perf tool on x86 architecture. The bug resides in the perf_env__read_cpuid function in util/env.c, which allocates memory via strdup but fails to free it under certain conditions. This was identified by AddressSanitizer, showing a direct leak of 21 bytes per allocation [1].
The leak occurs during perf event configuration when the tool reads the CPUID string to determine the CPU vendor. The function perf_env__read_cpuid duplicates a string without proper deallocation, and this leaked memory accumulates when perf commands are executed repeatedly. The attack surface is limited to local users running the perf tool, as no network or privilege escalation is involved. Exploitation requires no special authentication beyond normal user access.
The primary impact is gradual memory exhaustion on systems running perf, potentially leading to denial of service for the perf tool itself or related processes. However, the leak is small (21 bytes per call) and would require a very large number of invocations to cause significant harm. The vulnerability is considered low severity.
Mitigation
The fix has been applied in the Linux kernel via commits that properly free the allocated memory after use [2]. Users should update their kernel to a patched version. No workarounds are available other than avoiding repeated use of perf in untrusted environments.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
475d65c1cc439010139bfc6bbf3daf02a41e399d4850062a8Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.