What is CVE-2023-53804?

CVE-2023-53804 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.37 onward and patched in 4.14.316, 4.19.284, 5.4.244 and others. CVE-2023-53804 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53804?

CVE-2023-53804 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53804?

Yes, CVE-2023-53804 has been patched. Fixed versions include 4.14.316, 4.19.284, 5.4.244 and others. If you are running Linux kernel 2.6.37 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53804 actively exploited?

CVE-2023-53804 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53804

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). However, since nilfs_evict_inode() uses nilfs_root for some cleanup operations, it may cause use-after-free read if inodes are left in "garbage_list" and released by nilfs_dispose_list() at the end of nilfs_detach_log_writer(). Fix this issue by modifying nilfs_evict_inode() to only clear inode without additional metadata changes that use nilfs_root if the file system is degraded to read-only or the writer is detached.

Package Linux Kernel

Published 2025-12-09

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.37 and later are affected. Fixed in 4.14.316, 4.19.284, 5.4.244, 5.10.181, 5.15.113, 6.1.30, 6.3.4, 6.4 and their respective stable series.

Affected from

≥ 2.6.37

Fixed in

✓ 4.14.316 4.14.x ✓ 4.19.284 4.19.x ✓ 5.4.244 5.4.x ✓ 5.10.181 5.10.x ✓ 5.15.113 5.15.x ✓ 6.1.30 6.1.x ✓ 6.3.4 6.3.x ✓ 6.4

References

The following references provide additional information about CVE-2023-53804 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/116d53f09ff52e6f98e3fe1f85d8898d6ba26c68
Patch
Kernel patch commit
https://git.kernel.org/stable/c/2a782ea8ebd712a458466e3103e2881b4f886cb5
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6b4205ea97901f822004e6c8d59484ccfda03faa
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-53804?

CVE-2023-53804 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.37 onward and has been patched in 4.14.316, 4.19.284, 5.4.244 and others. CVE-2023-53804 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53804?

Yes — CVE-2023-53804 has been patched. Fixed versions include 4.14.316, 4.19.284, 5.4.244 and others. If you are running Linux kernel 2.6.37 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53804 actively exploited?

No — CVE-2023-53804 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.