What is CVE-2023-53796?

CVE-2023-53796 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.3 onward and patched in 4.14.308, 4.19.276, 5.4.235 and others. CVE-2023-53796 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53796?

CVE-2023-53796 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53796?

Yes, CVE-2023-53796 has been patched. Fixed versions include 4.14.308, 4.19.276, 5.4.235 and others. If you are running Linux kernel 4.3 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53796 actively exploited?

CVE-2023-53796 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53796

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by zero-initializing the block. This bug was introduced by commit 4ec17d688d74 ("f2fs: avoid unneeded initializing when converting inline dentry"), which didn't consider the security implications of leaking uninitialized memory to disk. This was found by running xfstest generic/435 on a KMSAN-enabled kernel.

Package Linux Kernel

Published 2025-12-09

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.3 and later are affected. Fixed in 4.14.308, 4.19.276, 5.4.235, 5.10.173, 5.15.99, 6.1.16, 6.2.3, 6.3 and their respective stable series.

Affected from

≥ 4.3

Fixed in

✓ 4.14.308 4.14.x ✓ 4.19.276 4.19.x ✓ 5.4.235 5.4.x ✓ 5.10.173 5.10.x ✓ 5.15.99 5.15.x ✓ 6.1.16 6.1.x ✓ 6.2.3 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2023-53796 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/00b5587326625d0fddb2a5f5a3d4acd950102ace
Patch
Kernel patch commit
https://git.kernel.org/stable/c/117d4f6687b1f74423b5d398ea95c63b262a8e73
Patch
Kernel patch commit
https://git.kernel.org/stable/c/2bef8314fcf94ddc27e22d03f237c0fafd00de33
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-53796?

CVE-2023-53796 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.3 onward and has been patched in 4.14.308, 4.19.276, 5.4.235 and others. CVE-2023-53796 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53796?

Yes — CVE-2023-53796 has been patched. Fixed versions include 4.14.308, 4.19.276, 5.4.235 and others. If you are running Linux kernel 4.3 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53796 actively exploited?

No — CVE-2023-53796 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.