What is CVE-2023-53485?

CVE-2023-53485 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10, affecting Linux kernel versions from 2.6.12 onward and patched in 4.14.324, 4.19.293, 5.4.255 and others. CVE-2023-53485 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53485?

CVE-2023-53485 has a CVSS score of 7.8 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2023-53485?

Yes, CVE-2023-53485 has been patched. Fixed versions include 4.14.324, 4.19.293, 5.4.255 and others. If you are running Linux kernel 2.6.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53485 actively exploited?

CVE-2023-53485 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53485

High

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type 's8[341]' (aka 'signed char[341]') CPU: 1 PID: 4995 Comm: syz-executor146 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAllocDmapLev+0x3e5/0x430 fs/jfs/jfs_dmap.c:1965 dbAllocCtl+0x113/0x920 fs/jfs/jfs_dmap.c:1809 dbAllocAG+0x28f/0x10b0 fs/jfs/jfs_dmap.c:1350 dbAlloc+0x658/0xca0 fs/jfs/jfs_dmap.c:874 dtSplitUp fs/jfs/jfs_dtree.c:974 [inline] dtInsert+0xda7/0x6b00 fs/jfs/jfs_dtree.c:863 jfs_create+0x7b6/0xbb0 fs/jfs/namei.c:137 lookup_open fs/namei.c:3492 [inline] open_last_lookups fs/namei.c:3560 [inline] path_openat+0x13df/0x3170 fs/namei.c:3788 do_filp_open+0x234/0x490 fs/namei.c:3818 do_sys_openat2+0x13f/0x500 fs/open.c:1356 do_sys_open fs/open.c:1372 [inline] __do_sys_openat fs/open.c:1388 [inline] __se_sys_openat fs/open.c:1383 [inline] __x64_sys_openat+0x247/0x290 fs/open.c:1383 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f1f4e33f7e9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc21129578 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1f4e33f7e9 RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c RBP: 00007f1f4e2ff080 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f4e2ff110 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> The bug occurs when the dbAllocDmapLev()function attempts to access dp->tree.stree[leafidx + LEAFIND] while the leafidx value is negative. To rectify this, the patch introduces a safeguard within the dbAllocDmapLev() function. A check has been added to verify if leafidx is negative. If it is, the function immediately returns an I/O error, preventing any further execution that could potentially cause harm. Tested via syzbot.

Package Linux Kernel

Published 2025-10-01

Last modified 2026-01-23

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.8

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-129

CVE-2023-53485 is classified as CWE-129

See CWE-129 on MITRE CWE for full details on this weakness type.

Affected versions

Linux kernel versions 2.6.12 and later are affected. Fixed in 4.14.324, 4.19.293, 5.4.255, 5.10.192, 5.15.123, 6.1.42, 6.4.7, 6.5 and their respective stable series.

Affected from

≥ 2.6.12

Fixed in

✓ 4.14.324 4.14.x ✓ 4.19.293 4.19.x ✓ 5.4.255 5.4.x ✓ 5.10.192 5.10.x ✓ 5.15.123 5.15.x ✓ 6.1.42 6.1.x ✓ 6.4.7 6.4.x ✓ 6.5

References

The following references provide additional information about CVE-2023-53485 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0d9e678a82915633b99603f744e7735d1a673d72
Patch
Kernel patch commit
https://git.kernel.org/stable/c/39f6292d75959e8accac0b3e24090094ba0824e9
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4e302336d5ca1767a06beee7596a72d3bdc8d983
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2023-53485

Severity High

CVSS score 7.8 / 10

CVSS version 3.1

Published 2025-10-01

Modified 2026-01-23

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2023-53485?

CVE-2023-53485 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . It affects Linux kernel versions from 2.6.12 onward and has been patched in 4.14.324, 4.19.293, 5.4.255 and others. CVE-2023-53485 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2023-53485?

CVE-2023-53485 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2023-53485?

Yes — CVE-2023-53485 has been patched. Fixed versions include 4.14.324, 4.19.293, 5.4.255 and others. If you are running Linux kernel 2.6.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53485 actively exploited?

No — CVE-2023-53485 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.