What is CVE-2023-53845?

CVE-2023-53845 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.30 onward and patched in 4.14.315, 4.19.283, 5.4.243 and others. CVE-2023-53845 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53845?

CVE-2023-53845 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53845?

Yes, CVE-2023-53845 has been patched. Fixed versions include 4.14.315, 4.19.283, 5.4.243 and others. If you are running Linux kernel 2.6.30 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53845 actively exploited?

CVE-2023-53845 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53845

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block() If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file. This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinitely. In particular, if this happens to the inode metadata file, ifile, semaphore i_rwsem can be left held, causing task hangs in lock_mount. Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block address translation failures with -ENOENT as metadata corruption instead of returning the error code.

Package Linux Kernel

Published 2025-12-09

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.30 and later are affected. Fixed in 4.14.315, 4.19.283, 5.4.243, 5.10.180, 5.15.111, 6.1.28, 6.2.15, 6.3.2, 6.4 and their respective stable series.

Affected from

≥ 2.6.30

Fixed in

✓ 4.14.315 4.14.x ✓ 4.19.283 4.19.x ✓ 5.4.243 5.4.x ✓ 5.10.180 5.10.x ✓ 5.15.111 5.15.x ✓ 6.1.28 6.1.x ✓ 6.2.15 6.2.x ✓ 6.3.2 6.3.x ✓ 6.4

References

The following references provide additional information about CVE-2023-53845 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/25457d07c8146e57d28906c663def033dc425af6
Patch
Kernel patch commit
https://git.kernel.org/stable/c/34c5f17222b50c79848bb03ec8811648813e6a45
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5b29661669cb65b9750a3cf70ed3eaf947b92167
Patch

9 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-53845?

CVE-2023-53845 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.30 onward and has been patched in 4.14.315, 4.19.283, 5.4.243 and others. CVE-2023-53845 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53845?

Yes — CVE-2023-53845 has been patched. Fixed versions include 4.14.315, 4.19.283, 5.4.243 and others. If you are running Linux kernel 2.6.30 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53845 actively exploited?

No — CVE-2023-53845 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.