CVE-2023-53594
📋 TL;DR
A resource leak vulnerability in the Linux kernel's device_add() function occurs when kobject_add() fails, leaving dev->kobj.parent set to NULL and preventing proper cleanup. This can cause kernel module loading failures and potential system instability. Affects Linux systems with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System crash or denial of service due to resource exhaustion from repeated failed device creation attempts, potentially leading to kernel panic.
Likely Case
Failed kernel module loading (like mac80211_hwsim.ko) causing hardware/driver initialization failures and system instability.
If Mitigated
Minor system disruption requiring module reload or system restart if triggered accidentally.
🎯 Exploit Status
Exploitation requires ability to load kernel modules or trigger device creation with duplicate names. More of a reliability issue than security vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 6977b1a5d67097eaa4d02b0c126c04cc6e8917c0, 8d389e363075c2e1deb84a560686ea92123e4b8b, d1dbff10c6cd3b43457f3efd3c9c4950009635bf, f39d21154db87545d8f0b25d13c326f37cc32239
Vendor Advisory: https://git.kernel.org/stable/c/6977b1a5d67097eaa4d02b0c126c04cc6e8917c0
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Check kernel version with 'uname -r'. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Prevent duplicate device creation
linuxAvoid loading kernel modules or creating devices with duplicate names in sysfs
Restrict kernel module loading
linuxLimit which users can load kernel modules to reduce attack surface
echo 1 > /proc/sys/kernel/modules_disabled
chmod 600 /lib/modules/$(uname -r)/modules.*
🧯 If You Can't Patch
- Monitor system logs for 'sysfs: cannot create duplicate filename' errors and investigate source
- Implement strict change control for kernel module loading and device creation
🔍 How to Verify
Check if Vulnerable:
Check kernel version against distribution security advisories. Look for 'sysfs: cannot create duplicate filename' errors in dmesg or system logs.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to patched version. Attempt to reproduce with test module loading (not recommended in production).📡 Detection & Monitoring
Log Indicators:
- sysfs: cannot create duplicate filename
- kobject_add_internal failed
- device_add() error messages in kernel logs
SIEM Query:
source="kernel" AND ("sysfs: cannot create duplicate filename" OR "kobject_add_internal failed" OR "device_add failed")