What is CVE-2023-53800?

CVE-2023-53800 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.22 onward and patched in 4.14.308, 4.19.276, 5.4.235 and others. CVE-2023-53800 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53800?

CVE-2023-53800 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53800?

Yes, CVE-2023-53800 has been patched. Fixed versions include 4.14.308, 4.19.276, 5.4.235 and others. If you are running Linux kernel 2.6.22 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53800 actively exploited?

CVE-2023-53800 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53800

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi] Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735 CPU: 2 PID: 4735 Comm: ubirsvol Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report+0x171/0x472 kasan_report+0xad/0x130 ubi_eba_copy_table+0x11f/0x1c0 [ubi] ubi_resize_volume+0x4f9/0xbc0 [ubi] ubi_cdev_ioctl+0x701/0x1850 [ubi] __x64_sys_ioctl+0x11d/0x170 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 </TASK> When ubi_change_vtbl_record() returns an error in ubi_resize_volume(), "new_eba_tbl" will be freed on error handing path, but it is holded by "vol->eba_tbl" in ubi_eba_replace_table(). It means that the liftcycle of "vol->eba_tbl" and "vol" are different, so when resizing volume in next time, it causing an use-after-free fault. Fix it by not freeing "new_eba_tbl" after it replaced in ubi_eba_replace_table(), while will be freed in next volume resizing.

Package Linux Kernel

Published 2025-12-09

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.22 and later are affected. Fixed in 4.14.308, 4.19.276, 5.4.235, 5.10.173, 5.15.100, 6.1.18, 6.2.5, 6.3 and their respective stable series.

Affected from

≥ 2.6.22

Fixed in

✓ 4.14.308 4.14.x ✓ 4.19.276 4.19.x ✓ 5.4.235 5.4.x ✓ 5.10.173 5.10.x ✓ 5.15.100 5.15.x ✓ 6.1.18 6.1.x ✓ 6.2.5 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2023-53800 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/35f8d4064e54c18424db2997059d4c0b1d13d093
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3d6378f7056ac7350338f941001162a8f660853c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/53818746e549e61841428892a8d94344494be797
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-53800?

CVE-2023-53800 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.22 onward and has been patched in 4.14.308, 4.19.276, 5.4.235 and others. CVE-2023-53800 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53800?

Yes — CVE-2023-53800 has been patched. Fixed versions include 4.14.308, 4.19.276, 5.4.235 and others. If you are running Linux kernel 2.6.22 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53800 actively exploited?

No — CVE-2023-53800 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.