What is CVE-2023-53791?

CVE-2023-53791 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.5 onward and patched in 6.5.5 and 6.6. CVE-2023-53791 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53791?

CVE-2023-53791 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53791?

Yes, CVE-2023-53791 has been patched. Fixed versions include 6.5.5 and 6.6. If you are running Linux kernel 6.5 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53791 actively exploited?

CVE-2023-53791 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53791

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev() Commit a1d767191096 ("md: use mddev->external to select holder in export_rdev()") fix the problem that 'claim_rdev' is used for blkdev_get_by_dev() while 'rdev' is used for blkdev_put(). However, if mddev->external is changed from 0 to 1, then 'rdev' is used for blkdev_get_by_dev() while 'claim_rdev' is used for blkdev_put(). And this problem can be reporduced reliably by following: New file: mdadm/tests/23rdev-lifetime devname=${dev0##*/} devt=`cat /sys/block/$devname/dev` pid="" runtime=2 clean_up_test() { pill -9 $pid echo clear > /sys/block/md0/md/array_state } trap 'clean_up_test' EXIT add_by_sysfs() { while true; do echo $devt > /sys/block/md0/md/new_dev done } remove_by_sysfs(){ while true; do echo remove > /sys/block/md0/md/dev-${devname}/state done } echo md0 > /sys/module/md_mod/parameters/new_array || die "create md0 failed" add_by_sysfs & pid="$pid $!" remove_by_sysfs & pid="$pid $!" sleep $runtime exit 0 Test cmd: ./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime Test result: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 960 at block/bdev.c:618 blkdev_put+0x27c/0x330 Modules linked in: multipath md_mod loop CPU: 0 PID: 960 Comm: test Not tainted 6.5.0-rc2-00121-g01e55c376936-dirty #50 RIP: 0010:blkdev_put+0x27c/0x330 Call Trace: <TASK> export_rdev.isra.23+0x50/0xa0 [md_mod] mddev_unlock+0x19d/0x300 [md_mod] rdev_attr_store+0xec/0x190 [md_mod] sysfs_kf_write+0x52/0x70 kernfs_fop_write_iter+0x19a/0x2a0 vfs_write+0x3b5/0x770 ksys_write+0x74/0x150 __x64_sys_write+0x22/0x30 do_syscall_64+0x40/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd Fix the problem by recording if 'rdev' is used as holder.

Package Linux Kernel

Published 2025-12-09

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.5 and later are affected. Fixed in 6.5.5, 6.6 and their respective stable series.

Affected from

≥ 6.5

Fixed in

✓ 6.5.5 6.5.x ✓ 6.6

References

The following references provide additional information about CVE-2023-53791 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/99892147f028d711f9d40fefad4f33632593864c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/99fcd427178d0f58f5520f8f01df727f8eaeb2c7
Patch

Frequently asked questions

What is CVE-2023-53791?

CVE-2023-53791 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.5 onward and has been patched in 6.5.5 and 6.6. CVE-2023-53791 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53791?

Yes — CVE-2023-53791 has been patched. Fixed versions include 6.5.5 and 6.6. If you are running Linux kernel 6.5 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53791 actively exploited?

No — CVE-2023-53791 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.