What is CVE-2023-53728?

CVE-2023-53728 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.10 onward and patched in 4.14.322, 4.19.291, 5.4.251 and others. CVE-2023-53728 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53728?

CVE-2023-53728 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53728?

Yes, CVE-2023-53728 has been patched. Fixed versions include 4.14.322, 4.19.291, 5.4.251 and others. If you are running Linux kernel 3.10 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53728 actively exploited?

CVE-2023-53728 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53728

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID space for a free slot one by one. The loop has to terminate when the search wrapped around to the starting point. But that's racy vs. establishing the starting point. That is read out lockless, which leads to the following problem: CPU0 CPU1 posix_timer_add() start = sig->posix_timer_id; lock(hash_lock); ... posix_timer_add() if (++sig->posix_timer_id < 0) start = sig->posix_timer_id; sig->posix_timer_id = 0; So CPU1 can observe a negative start value, i.e. -1, and the loop break never happens because the condition can never be true: if (sig->posix_timer_id == start) break; While this is unlikely to ever turn into an endless loop as the ID space is huge (INT_MAX), the racy read of the start value caught the attention of KCSAN and Dmitry unearthed that incorrectness. Rewrite it so that all id operations are under the hash lock.

Package Linux Kernel

Published 2025-10-22

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 3.10 and later are affected. Fixed in 4.14.322, 4.19.291, 5.4.251, 5.10.188, 5.15.150, 6.1.107, 6.4.7, 6.5 and their respective stable series.

Affected from

≥ 3.10

Fixed in

✓ 4.14.322 4.14.x ✓ 4.19.291 4.19.x ✓ 5.4.251 5.4.x ✓ 5.10.188 5.10.x ✓ 5.15.150 5.15.x ✓ 6.1.107 6.1.x ✓ 6.4.7 6.4.x ✓ 6.5

References

The following references provide additional information about CVE-2023-53728 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/322377cc909defcca9451487484845e7e1d20d1b
Patch
Kernel patch commit
https://git.kernel.org/stable/c/37175e25edf7cc0d5a2cd2c2a1cbe2dcbf4a1937
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6a0ac84501b4fec73a1a823c55cf13584c43f418
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-53728?

CVE-2023-53728 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.10 onward and has been patched in 4.14.322, 4.19.291, 5.4.251 and others. CVE-2023-53728 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53728?

Yes — CVE-2023-53728 has been patched. Fixed versions include 4.14.322, 4.19.291, 5.4.251 and others. If you are running Linux kernel 3.10 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53728 actively exploited?

No — CVE-2023-53728 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.