What is CVE-2023-53747?

CVE-2023-53747 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.38 onward and patched in 4.14.327, 4.19.284, 5.4.244 and others. CVE-2023-53747 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53747?

CVE-2023-53747 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53747?

Yes, CVE-2023-53747 has been patched. Fixed versions include 4.14.327, 4.19.284, 5.4.244 and others. If you are running Linux kernel 2.6.38 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53747 actively exploited?

CVE-2023-53747 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53747

In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Because of that, the struct vc_data pointer must be reloaded in the while loop in vcs_write() after console_lock() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: slab-use-after-free in vcs_size (drivers/tty/vt/vc_screen.c:215) Read of size 4 at addr ffff8880beab89a8 by task repro_vcs_size/4119 Call Trace: <TASK> __asan_report_load4_noabort (mm/kasan/report_generic.c:380) vcs_size (drivers/tty/vt/vc_screen.c:215) vcs_write (drivers/tty/vt/vc_screen.c:664) vfs_write (fs/read_write.c:582 fs/read_write.c:564) ... <TASK> Allocated by task 1213: kmalloc_trace (mm/slab_common.c:1064) vc_allocate (./include/linux/slab.h:559 ./include/linux/slab.h:680 drivers/tty/vt/vt.c:1078 drivers/tty/vt/vt.c:1058) con_install (drivers/tty/vt/vt.c:3334) tty_init_dev (drivers/tty/tty_io.c:1303 drivers/tty/tty_io.c:1415 drivers/tty/tty_io.c:1392) tty_open (drivers/tty/tty_io.c:2082 drivers/tty/tty_io.c:2128) chrdev_open (fs/char_dev.c:415) do_dentry_open (fs/open.c:921) vfs_open (fs/open.c:1052) ... Freed by task 4116: kfree (mm/slab_common.c:1016) vc_port_destruct (drivers/tty/vt/vt.c:1044) tty_port_destructor (drivers/tty/tty_port.c:296) tty_port_put (drivers/tty/tty_port.c:312) vt_disallocate_all (drivers/tty/vt/vt_ioctl.c:662 (discriminator 2)) vt_ioctl (drivers/tty/vt/vt_ioctl.c:903) tty_ioctl (drivers/tty/tty_io.c:2778) ... The buggy address belongs to the object at ffff8880beab8800 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 424 bytes inside of freed 1024-byte region [ffff8880beab8800, ffff8880beab8c00) The buggy address belongs to the physical page: page:00000000afc77580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xbeab8 head:00000000afc77580 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 000fffffc0010200 ffff888100042dc0 ffffea000426de00 dead000000000002 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880beab8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880beab8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8880beab8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880beab8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880beab8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Disabling lock debugging due to kernel taint

Package Linux Kernel

Published 2025-12-08

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.38 and later are affected. Fixed in 4.14.327, 4.19.284, 5.4.244, 5.10.181, 5.15.113, 6.1.30, 6.3.4, 6.4 and their respective stable series.

Affected from

≥ 2.6.38

Fixed in

✓ 4.14.327 4.14.x ✓ 4.19.284 4.19.x ✓ 5.4.244 5.4.x ✓ 5.10.181 5.10.x ✓ 5.15.113 5.15.x ✓ 6.1.30 6.1.x ✓ 6.3.4 6.3.x ✓ 6.4

References

The following references provide additional information about CVE-2023-53747 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0deff678157333d775af190f84696336cdcccd6d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/11dddfbb7a4e62489b01074d6c04d9d1b42e4047
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1de42e7653d6714a7507ba6696151a1fa028c69f
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-53747?

CVE-2023-53747 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.38 onward and has been patched in 4.14.327, 4.19.284, 5.4.244 and others. CVE-2023-53747 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53747?

Yes — CVE-2023-53747 has been patched. Fixed versions include 4.14.327, 4.19.284, 5.4.244 and others. If you are running Linux kernel 2.6.38 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53747 actively exploited?

No — CVE-2023-53747 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.