vulnerability

Amazon Linux AMI 2: CVE-2023-53020: Security patch for kernel (ALASKERNEL-5.10-2025-089)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:M/Au:S/C:N/I:N/A:C)	Mar 27, 2025	May 22, 2025	May 22, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:N/I:N/A:C)

Published

Mar 27, 2025

Added

May 22, 2025

Modified

May 22, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

l2tp: close all race conditions in l2tp_tunnel_register()

The code in l2tp_tunnel_register() is racy in several ways:

1. It modifies the tunnel socket _after_ publishing it.

2. It calls setup_udp_tunnel_sock() on an existing socket without
locking.

3. It changes sock lock class on fly, which triggers many syzbot
reports.

This patch amends all of them by moving socket initialization code
before publishing and under sock lock. As suggested by Jakub, the
l2tp lockdep class is not necessary as we can just switch to
bh_lock_sock_nested().

Solution(s)

amazon-linux-ami-2-upgrade-bpftoolamazon-linux-ami-2-upgrade-bpftool-debuginfoamazon-linux-ami-2-upgrade-kernelamazon-linux-ami-2-upgrade-kernel-debuginfoamazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64amazon-linux-ami-2-upgrade-kernel-develamazon-linux-ami-2-upgrade-kernel-headersamazon-linux-ami-2-upgrade-kernel-livepatch-5-10-167-147-601amazon-linux-ami-2-upgrade-kernel-toolsamazon-linux-ami-2-upgrade-kernel-tools-debuginfoamazon-linux-ami-2-upgrade-kernel-tools-develamazon-linux-ami-2-upgrade-perfamazon-linux-ami-2-upgrade-perf-debuginfoamazon-linux-ami-2-upgrade-python-perfamazon-linux-ami-2-upgrade-python-perf-debuginfo

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today