What is CVE-2023-53035?

CVE-2023-53035 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10, affecting Linux kernel versions from 2.6.31 onward and patched in 4.14.312, 4.19.280, 5.4.240 and others. CVE-2023-53035 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53035?

CVE-2023-53035 has a CVSS score of 7.1 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.

Is there a patch available for CVE-2023-53035?

Yes, CVE-2023-53035 has been patched. Fixed versions include 4.14.312, 4.19.280, 5.4.240 and others. If you are running Linux kernel 2.6.31 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53035 actively exploited?

CVE-2023-53035 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53035

High

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO. This can occur when the element size of the user space metadata given by the v_size member of the argument nilfs_argv structure is larger than the size of the metadata element (nilfs_suinfo structure or nilfs_cpinfo structure) on the file system side. KMSAN-enabled kernels detect this issue as follows: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33 instrument_copy_to_user include/linux/instrumented.h:121 [inline] _copy_to_user+0xc0/0x100 lib/usercopy.c:33 copy_to_user include/linux/uaccess.h:169 [inline] nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline] nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343 __do_compat_sys_ioctl fs/ioctl.c:968 [inline] __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Uninit was created at: __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572 alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287 __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599 nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline] nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343 __do_compat_sys_ioctl fs/ioctl.c:968 [inline] __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Bytes 16-127 of 3968 are uninitialized ... This eliminates the leak issue by initializing the page allocated as buffer using get_zeroed_page().

Package Linux Kernel

Published 2025-05-02

Last modified 2026-03-17

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.1

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected versions

Linux kernel versions 2.6.31 and later are affected. Fixed in 4.14.312, 4.19.280, 5.4.240, 5.10.177, 5.15.105, 6.1.22, 6.2.9, 6.3 and their respective stable series.

Affected from

≥ 2.6.31

Fixed in

✓ 4.14.312 4.14.x ✓ 4.19.280 4.19.x ✓ 5.4.240 5.4.x ✓ 5.10.177 5.10.x ✓ 5.15.105 5.15.x ✓ 6.1.22 6.1.x ✓ 6.2.9 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2023-53035 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/003587000276f81d0114b5ce773d80c119d8cb30
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5bb105cc72beb9d51bf12f5c657336d2d35bdc5d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5f33b042f74fc9662eba17f4cd19b07d84bbc6c5
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2023-53035

Severity High

CVSS score 7.1 / 10

CVSS version 3.1

Published 2025-05-02

Modified 2026-03-17

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2023-53035?

CVE-2023-53035 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10 . It affects Linux kernel versions from 2.6.31 onward and has been patched in 4.14.312, 4.19.280, 5.4.240 and others. CVE-2023-53035 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2023-53035?

CVE-2023-53035 has a CVSS score of 7.1 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.
Is there a patch available for CVE-2023-53035?

Yes — CVE-2023-53035 has been patched. Fixed versions include 4.14.312, 4.19.280, 5.4.240 and others. If you are running Linux kernel 2.6.31 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53035 actively exploited?

No — CVE-2023-53035 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.