CVE-2023-53440 (GCVE-0-2023-53440)

Vulnerability from cvelistv5 – Published: 2025-09-18 16:04 – Updated: 2026-01-14 19:23
VLAI?
Title
nilfs2: fix sysfs interface lifetime
Summary
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings. Some of the sysfs attributes for nilfs2 per-filesystem instance refer to metadata file "cpfile", "sufile", or "dat", but nilfs_sysfs_create_device_group that creates those attributes is executed before the inodes for these metadata files are loaded, and nilfs_sysfs_delete_device_group which deletes these sysfs entries is called after releasing their metadata file inodes. Therefore, access to some of these sysfs attributes may occur outside of the lifetime of these metadata files, resulting in inode NULL pointer dereferences or use-after-free. In addition, the call to nilfs_sysfs_create_device_group() is made during the locking period of the semaphore "ns_sem" of nilfs object, so the shrinker call caused by the memory allocation for the sysfs entries, may derive lock dependencies "ns_sem" -> (shrinker) -> "locks acquired in nilfs_evict_inode()". Since nilfs2 may acquire "ns_sem" deep in the call stack holding other locks via its error handler __nilfs_error(), this causes lockdep to report circular locking. This is a false positive and no circular locking actually occurs as no inodes exist yet when nilfs_sysfs_create_device_group() is called. Fortunately, the lockdep warnings can be resolved by simply moving the call to nilfs_sysfs_create_device_group() out of "ns_sem". This fixes these sysfs issues by revising where the device's sysfs interface is created/deleted and keeping its lifetime within the lifetime of the metadata files above.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: dd70edbde2627f47df118d899de6bbb55abcfdbf , < d20dcec8f326deb77b6688f8441e014045dac457 (git)
Affected: dd70edbde2627f47df118d899de6bbb55abcfdbf , < 5fe0ea141fbb887d407f1bf572ebf24427480d5c (git)
Affected: dd70edbde2627f47df118d899de6bbb55abcfdbf , < 83b16a60e413148685739635901937e2f16a7873 (git)
Affected: dd70edbde2627f47df118d899de6bbb55abcfdbf , < 3dbee84bf9e3273c4bb9ca6fc18ff22fba23dd24 (git)
Affected: dd70edbde2627f47df118d899de6bbb55abcfdbf , < d540aea451ab5489777a8156560f1388449b3109 (git)
Affected: dd70edbde2627f47df118d899de6bbb55abcfdbf , < 1942ccb7d95f287a312fcbabfa8bc9ba501b1953 (git)
Affected: dd70edbde2627f47df118d899de6bbb55abcfdbf , < daf4eb3a908b108279b60172d2f176e70d2df875 (git)
Affected: dd70edbde2627f47df118d899de6bbb55abcfdbf , < 42560f9c92cc43dce75dbf06cc0d840dced39b12 (git)
Create a notification for this product.
    Linux Linux Affected: 3.17
Unaffected: 0 , < 3.17 (semver)
Unaffected: 4.14.313 , ≤ 4.14.* (semver)
Unaffected: 4.19.281 , ≤ 4.19.* (semver)
Unaffected: 5.4.241 , ≤ 5.4.* (semver)
Unaffected: 5.10.178 , ≤ 5.10.* (semver)
Unaffected: 5.15.107 , ≤ 5.15.* (semver)
Unaffected: 6.1.24 , ≤ 6.1.* (semver)
Unaffected: 6.2.11 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-53440",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T19:17:48.447888Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T19:23:10.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/super.c",
            "fs/nilfs2/the_nilfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d20dcec8f326deb77b6688f8441e014045dac457",
              "status": "affected",
              "version": "dd70edbde2627f47df118d899de6bbb55abcfdbf",
              "versionType": "git"
            },
            {
              "lessThan": "5fe0ea141fbb887d407f1bf572ebf24427480d5c",
              "status": "affected",
              "version": "dd70edbde2627f47df118d899de6bbb55abcfdbf",
              "versionType": "git"
            },
            {
              "lessThan": "83b16a60e413148685739635901937e2f16a7873",
              "status": "affected",
              "version": "dd70edbde2627f47df118d899de6bbb55abcfdbf",
              "versionType": "git"
            },
            {
              "lessThan": "3dbee84bf9e3273c4bb9ca6fc18ff22fba23dd24",
              "status": "affected",
              "version": "dd70edbde2627f47df118d899de6bbb55abcfdbf",
              "versionType": "git"
            },
            {
              "lessThan": "d540aea451ab5489777a8156560f1388449b3109",
              "status": "affected",
              "version": "dd70edbde2627f47df118d899de6bbb55abcfdbf",
              "versionType": "git"
            },
            {
              "lessThan": "1942ccb7d95f287a312fcbabfa8bc9ba501b1953",
              "status": "affected",
              "version": "dd70edbde2627f47df118d899de6bbb55abcfdbf",
              "versionType": "git"
            },
            {
              "lessThan": "daf4eb3a908b108279b60172d2f176e70d2df875",
              "status": "affected",
              "version": "dd70edbde2627f47df118d899de6bbb55abcfdbf",
              "versionType": "git"
            },
            {
              "lessThan": "42560f9c92cc43dce75dbf06cc0d840dced39b12",
              "status": "affected",
              "version": "dd70edbde2627f47df118d899de6bbb55abcfdbf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/super.c",
            "fs/nilfs2/the_nilfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "lessThan": "3.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.178",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.313",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.281",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.241",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.178",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.107",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.24",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.11",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix sysfs interface lifetime\n\nThe current nilfs2 sysfs support has issues with the timing of creation\nand deletion of sysfs entries, potentially leading to null pointer\ndereferences, use-after-free, and lockdep warnings.\n\nSome of the sysfs attributes for nilfs2 per-filesystem instance refer to\nmetadata file \"cpfile\", \"sufile\", or \"dat\", but\nnilfs_sysfs_create_device_group that creates those attributes is executed\nbefore the inodes for these metadata files are loaded, and\nnilfs_sysfs_delete_device_group which deletes these sysfs entries is\ncalled after releasing their metadata file inodes.\n\nTherefore, access to some of these sysfs attributes may occur outside of\nthe lifetime of these metadata files, resulting in inode NULL pointer\ndereferences or use-after-free.\n\nIn addition, the call to nilfs_sysfs_create_device_group() is made during\nthe locking period of the semaphore \"ns_sem\" of nilfs object, so the\nshrinker call caused by the memory allocation for the sysfs entries, may\nderive lock dependencies \"ns_sem\" -\u003e (shrinker) -\u003e \"locks acquired in\nnilfs_evict_inode()\".\n\nSince nilfs2 may acquire \"ns_sem\" deep in the call stack holding other\nlocks via its error handler __nilfs_error(), this causes lockdep to report\ncircular locking.  This is a false positive and no circular locking\nactually occurs as no inodes exist yet when\nnilfs_sysfs_create_device_group() is called.  Fortunately, the lockdep\nwarnings can be resolved by simply moving the call to\nnilfs_sysfs_create_device_group() out of \"ns_sem\".\n\nThis fixes these sysfs issues by revising where the device\u0027s sysfs\ninterface is created/deleted and keeping its lifetime within the lifetime\nof the metadata files above."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T16:04:17.845Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d20dcec8f326deb77b6688f8441e014045dac457"
        },
        {
          "url": "https://git.kernel.org/stable/c/5fe0ea141fbb887d407f1bf572ebf24427480d5c"
        },
        {
          "url": "https://git.kernel.org/stable/c/83b16a60e413148685739635901937e2f16a7873"
        },
        {
          "url": "https://git.kernel.org/stable/c/3dbee84bf9e3273c4bb9ca6fc18ff22fba23dd24"
        },
        {
          "url": "https://git.kernel.org/stable/c/d540aea451ab5489777a8156560f1388449b3109"
        },
        {
          "url": "https://git.kernel.org/stable/c/1942ccb7d95f287a312fcbabfa8bc9ba501b1953"
        },
        {
          "url": "https://git.kernel.org/stable/c/daf4eb3a908b108279b60172d2f176e70d2df875"
        },
        {
          "url": "https://git.kernel.org/stable/c/42560f9c92cc43dce75dbf06cc0d840dced39b12"
        }
      ],
      "title": "nilfs2: fix sysfs interface lifetime",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53440",
    "datePublished": "2025-09-18T16:04:17.845Z",
    "dateReserved": "2025-09-17T14:54:09.751Z",
    "dateUpdated": "2026-01-14T19:23:10.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.