CVE-2023-53440 Affecting kernel-tools-devel package, versions <0:4.14.313-235.533.amzn2
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-AMZN2-KERNELTOOLSDEVEL-13451213
- published8 Oct 2025
- disclosed18 Sept 2025
Introduced: 18 Sep 2025
NewCVE-2023-53440 (opens in a new tab)How to fix?
Upgrade Amazon-Linux:2 kernel-tools-devel to version 0:4.14.313-235.533.amzn2 or higher.
This issue was patched in ALAS2-2023-2027.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-tools-devel package and not the kernel-tools-devel package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix sysfs interface lifetime
The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings.
Some of the sysfs attributes for nilfs2 per-filesystem instance refer to metadata file "cpfile", "sufile", or "dat", but nilfs_sysfs_create_device_group that creates those attributes is executed before the inodes for these metadata files are loaded, and nilfs_sysfs_delete_device_group which deletes these sysfs entries is called after releasing their metadata file inodes.
Therefore, access to some of these sysfs attributes may occur outside of the lifetime of these metadata files, resulting in inode NULL pointer dereferences or use-after-free.
In addition, the call to nilfs_sysfs_create_device_group() is made during the locking period of the semaphore "ns_sem" of nilfs object, so the shrinker call caused by the memory allocation for the sysfs entries, may derive lock dependencies "ns_sem" -> (shrinker) -> "locks acquired in nilfs_evict_inode()".
Since nilfs2 may acquire "ns_sem" deep in the call stack holding other locks via its error handler __nilfs_error(), this causes lockdep to report circular locking. This is a false positive and no circular locking actually occurs as no inodes exist yet when nilfs_sysfs_create_device_group() is called. Fortunately, the lockdep warnings can be resolved by simply moving the call to nilfs_sysfs_create_device_group() out of "ns_sem".
This fixes these sysfs issues by revising where the device's sysfs interface is created/deleted and keeping its lifetime within the lifetime of the metadata files above.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53440
- https://git.kernel.org/stable/c/1942ccb7d95f287a312fcbabfa8bc9ba501b1953
- https://git.kernel.org/stable/c/3dbee84bf9e3273c4bb9ca6fc18ff22fba23dd24
- https://git.kernel.org/stable/c/42560f9c92cc43dce75dbf06cc0d840dced39b12
- https://git.kernel.org/stable/c/5fe0ea141fbb887d407f1bf572ebf24427480d5c
- https://git.kernel.org/stable/c/83b16a60e413148685739635901937e2f16a7873
- https://git.kernel.org/stable/c/d20dcec8f326deb77b6688f8441e014045dac457
- https://git.kernel.org/stable/c/d540aea451ab5489777a8156560f1388449b3109
- https://git.kernel.org/stable/c/daf4eb3a908b108279b60172d2f176e70d2df875