CVE-2023-53754
In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()

When if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4) returns false, drbl_regs_memmap_p is not remapped. This passes a NULL pointer to iounmap(), which can trigger a WARN() on certain arches.

When if_type equals six and pci_resource_start(pdev, PCI_64BIT_BAR4) returns true, drbl_regs_memmap_p may have been remapped and ctrl_regs_memmap_p is not remapped. This is a resource leak and passes a NULL pointer to iounmap().

To fix these issues, we need to add null checks before iounmap(), and change some goto labels.
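The cleanup pattern the description refers to (unwind labels in reverse mapping order, with a NULL check before unmapping any region that is only mapped conditionally) can be shown with a small userspace model. This is an added example, not the lpfc driver code or the upstream patch; model_ioremap(), model_iounmap(), struct bars, setup_bars() and maps_left_after_failure() are hypothetical names, and malloc()/free() stand in for the real mapping calls.

```c
#include <stdlib.h>

/* Userspace model; every name below is hypothetical, not lpfc code. */
static int live_maps, null_unmaps, map_calls, fail_on_call;

static void *model_ioremap(void)        /* stand-in for ioremap() */
{
    if (++map_calls == fail_on_call)
        return NULL;                    /* simulated mapping failure */
    live_maps++;
    return malloc(1);
}

static void model_iounmap(void *p)      /* stand-in for iounmap() */
{
    if (!p) { null_unmaps++; return; }  /* where a kernel could WARN() */
    live_maps--;
    free(p);
}

struct bars { void *conf, *ctrl, *drbl; };

/* conf is always mapped; ctrl and drbl only when their BAR is present. */
static int setup_bars(struct bars *b, int have_ctrl, int have_drbl, int late_fail)
{
    b->ctrl = b->drbl = NULL;
    if (!(b->conf = model_ioremap()))
        return -1;
    if (have_ctrl && !(b->ctrl = model_ioremap()))
        goto out_unmap_conf;
    if (have_drbl && !(b->drbl = model_ioremap()))
        goto out_unmap_ctrl;
    if (!late_fail)                     /* late_fail: a later step errors out */
        return 0;
    if (b->drbl)                        /* optional region: check before unmap */
        model_iounmap(b->drbl);
out_unmap_ctrl:
    if (b->ctrl)
        model_iounmap(b->ctrl);
out_unmap_conf:
    model_iounmap(b->conf);
    return -1;
}

/* Resets counters, forces one failure scenario, returns mappings left over. */
int maps_left_after_failure(int have_ctrl, int have_drbl, int fail_on, int late_fail)
{
    struct bars b;
    live_maps = null_unmaps = map_calls = 0;
    fail_on_call = fail_on;
    return setup_bars(&b, have_ctrl, have_drbl, late_fail) ? live_maps : -1;
}
```

A return value of 0 together with null_unmaps == 0 means the error path released exactly what had been mapped: no leak and no NULL handed to the unmap call.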
Affected versions
Linux kernel versions 4.17 and later are affected. Fixed in 5.4.243, 5.10.180, 5.15.111, 6.1.28, 6.2.15, 6.3.2, 6.4 and their respective stable series.
References
The following references provide additional information about CVE-2023-53754 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch, kernel patch commit: https://git.kernel.org/stable/c/631d0fab143bef85ea0813596f1dda36e2b9724c
- Patch, kernel patch commit: https://git.kernel.org/stable/c/74d90f92eafe8ccd12827228236a28a94eda6bcc
- Patch, kernel patch commit: https://git.kernel.org/stable/c/7e5a54d1f00725a739dcd20f616d82eff4f764bd
Frequently asked questions
- What is CVE-2023-53754?
  CVE-2023-53754 is an unscored-severity Linux kernel vulnerability. It affects Linux kernel versions from 4.17 onward and has been patched in 5.4.243, 5.10.180, 5.15.111 and others. CVE-2023-53754 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2023-53754?
  Yes. CVE-2023-53754 has been patched. Fixed versions include 5.4.243, 5.10.180, 5.15.111 and others. If you are running a Linux kernel version from 4.17 up to the fixed versions, apply the relevant patch for your kernel branch.
- Is CVE-2023-53754 actively exploited?
  No. CVE-2023-53754 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.