What is CVE-2023-53564?

CVE-2023-53564 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 3.0 onward and patched in 4.14.308, 4.19.276, 5.4.235 and others. CVE-2023-53564 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53564?

CVE-2023-53564 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2023-53564?

Yes, CVE-2023-53564 has been patched. Fixed versions include 4.14.308, 4.19.276, 5.4.235 and others. If you are running Linux kernel 3.0 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53564 actively exploited?

CVE-2023-53564 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53564

Medium

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent __ocfs2_move_extent + ocfs2_journal_access_di + ocfs2_split_extent //sub-paths call jbd2_journal_restart + ocfs2_journal_dirty //crash by jbs2 ASSERT crash stacks: PID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: "defragfs.ocfs2" #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01 #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205 #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6 #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18 [exception RIP: jbd2_journal_dirty_metadata+0x2ba] RIP: ffffffffc09ca54a RSP: ffffb25d8dad3b70 RFLAGS: 00010207 RAX: 0000000000000000 RBX: ffff9706eedc5248 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff97337029ea28 RDI: ffff9706eedc5250 RBP: ffff9703c3520200 R8: 000000000f46b0b2 R9: 0000000000000000 R10: 0000000000000001 R11: 00000001000000fe R12: ffff97337029ea28 R13: 0000000000000000 R14: ffff9703de59bf60 R15: ffff9706eedc5250 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2] #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2] #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2] Analysis This bug has the same root cause of 'commit 7f27ec978b0e ("ocfs2: call ocfs2_journal_access_di() before ocfs2_journal_dirty() in ocfs2_write_end_nolock()")'. For this bug, jbd2_journal_restart() is called by ocfs2_split_extent() during defragmenting. How to fix For ocfs2_split_extent() can handle journal operations totally by itself. Caller doesn't need to call journal access/dirty pair, and caller only needs to call journal start/stop pair. The fix method is to remove journal access/dirty from __ocfs2_move_extent(). The discussion for this patch: https://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html

Package Linux Kernel

Published 2025-10-04

Last modified 2026-03-21

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-617

CVE-2023-53564 is classified as CWE-617

See CWE-617 on MITRE CWE for full details on this weakness type.

Affected versions

Linux kernel versions 3.0 and later are affected. Fixed in 4.14.308, 4.19.276, 5.4.235, 5.10.173, 5.15.99, 6.1.16, 6.2.3, 6.3 and their respective stable series.

Affected from

≥ 3.0

Fixed in

✓ 4.14.308 4.14.x ✓ 4.19.276 4.19.x ✓ 5.4.235 5.4.x ✓ 5.10.173 5.10.x ✓ 5.15.99 5.15.x ✓ 6.1.16 6.1.x ✓ 6.2.3 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2023-53564 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2c559b3ba8e0b9e3c4bb08159a28ccadc698410f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/33665d1042666f2e5c736a3df1f453e31f030663
Patch
Kernel patch commit
https://git.kernel.org/stable/c/590507ebabd33cd93324c04f9a5538309a5ba934
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2023-53564

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2025-10-04

Modified 2026-03-21

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2023-53564?

CVE-2023-53564 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 3.0 onward and has been patched in 4.14.308, 4.19.276, 5.4.235 and others. CVE-2023-53564 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2023-53564?

CVE-2023-53564 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2023-53564?

Yes — CVE-2023-53564 has been patched. Fixed versions include 4.14.308, 4.19.276, 5.4.235 and others. If you are running Linux kernel 3.0 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53564 actively exploited?

No — CVE-2023-53564 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.