What is CVE-2023-53850?

CVE-2023-53850 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.15 onward and patched in 6.1.42, 6.4.7 and 6.5. CVE-2023-53850 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-53850?

CVE-2023-53850 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-53850?

Yes, CVE-2023-53850 has been patched. Fixed versions include 6.1.42, 6.4.7 and 6.5. If you are running Linux kernel 4.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-53850 actively exploited?

CVE-2023-53850 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-53850

In the Linux kernel, the following vulnerability has been resolved: iavf: use internal state to free traffic IRQs If the system tries to close the netdev while iavf_reset_task() is running, __LINK_STATE_START will be cleared and netif_running() will return false in iavf_reinit_interrupt_scheme(). This will result in iavf_free_traffic_irqs() not being called and a leak as follows: [7632.489326] remove_proc_entry: removing non-empty directory 'irq/999', leaking at least 'iavf-enp24s0f0v0-TxRx-0' [7632.490214] WARNING: CPU: 0 PID: 10 at fs/proc/generic.c:718 remove_proc_entry+0x19b/0x1b0 is shown when pci_disable_msix() is later called. Fix by using the internal adapter state. The traffic IRQs will always exist if state == __IAVF_RUNNING.

Package Linux Kernel

Published 2025-12-09

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.15 and later are affected. Fixed in 6.1.42, 6.4.7, 6.5 and their respective stable series.

Affected from

≥ 4.15

Fixed in

✓ 6.1.42 6.1.x ✓ 6.4.7 6.4.x ✓ 6.5

References

The following references provide additional information about CVE-2023-53850 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/5e9db32eec628481f5da97a5b1aedb84a5240d18
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6d9d01689b82ff5cb8f8d2a82717d7997bc0bfff
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a77ed5c5b768e9649be240a2d864e5cd9c6a2015
Patch

Frequently asked questions

What is CVE-2023-53850?

CVE-2023-53850 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.15 onward and has been patched in 6.1.42, 6.4.7 and 6.5. CVE-2023-53850 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-53850?

Yes — CVE-2023-53850 has been patched. Fixed versions include 6.1.42, 6.4.7 and 6.5. If you are running Linux kernel 4.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-53850 actively exploited?

No — CVE-2023-53850 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.