CVE-2023-54079
In the Linux kernel, the following vulnerability has been resolved:

power: supply: bq27xxx: Fix poll_interval handling and races on remove

Before this patch bq27xxx_battery_teardown() was setting poll_interval = 0 to avoid bq27xxx_battery_update() requeuing the delayed_work item. There are 2 problems with this:

1. If the driver is unbound through sysfs, rather than the module being rmmod-ed, this changes poll_interval unexpectedly
2. This is racy: after it is set, poll_interval could be changed through /sys/module/bq27xxx_battery/parameters/poll_interval before bq27xxx_battery_update() checks it

Fix this by adding a removed attribute to struct bq27xxx_device_info and using that instead of setting poll_interval to 0.

There also is another poll_interval related race on remove(): writing /sys/module/bq27xxx_battery/parameters/poll_interval will requeue the delayed_work item for all devices on the bq27xxx_battery_devices list, and the device being removed was only removed from that list after cancelling the delayed_work item.

Fix this by moving the removal from the bq27xxx_battery_devices list to before cancelling the delayed_work item.
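The two problems the commit message describes, modelled as an added example in user-space C (not the kernel driver's own code): the pre-fix teardown beside the fixed one, with the racing sysfs write placed deterministically in the window the commit describes. The struct, the flags and the function names are stand-ins for the driver's, and 360 is a constructed poll_interval value.

```c
#include <stdbool.h>
/* Added user-space model of the bq27xxx teardown ordering (not the driver): per
 * device, "delayed_work pending" and "on bq27xxx_battery_devices" flags; the
 * global poll_interval stands in for the module parameter. */
#define NDEVS 2
struct dev_info { bool removed, on_list, queued; };
static struct dev_info devs[NDEVS];
static unsigned int poll_interval = 360;   /* one value shared by every device */
/* bq27xxx_battery_update(): requeue only while polling and not torn down */
static void battery_update(struct dev_info *di) {
    di->queued = poll_interval > 0 && !di->removed;
}
/* write to /sys/module/.../parameters/poll_interval: requeues every listed device */
static void poll_interval_write(unsigned int v) {
    poll_interval = v;
    for (int i = 0; i < NDEVS; i++)
        if (devs[i].on_list) devs[i].queued = true;
}
/* Pre-fix teardown: zeroes the shared parameter, and a parameter write that
 * lands after the cancel but before list removal (racing_write) requeues the work */
static void teardown_before_fix(struct dev_info *di, bool racing_write) {
    poll_interval = 0;
    di->queued = false;                     /* cancel_delayed_work_sync() */
    if (racing_write) poll_interval_write(360);
    di->on_list = false;
}
/* Fixed teardown: mark removed and leave the list first, only then cancel */
static void teardown_after_fix(struct dev_info *di, bool racing_write) {
    di->removed = true;
    di->on_list = false;
    if (racing_write) poll_interval_write(360);
    di->queued = false;                     /* cancel_delayed_work_sync() */
}
/* Start from NDEVS polling devices, then unbind device 0 */
static void unbind_dev0(bool fixed, bool racing_write) {
    for (int i = 0; i < NDEVS; i++)
        devs[i] = (struct dev_info){ false, true, true };
    poll_interval = 360;
    if (fixed) teardown_after_fix(&devs[0], racing_write);
    else       teardown_before_fix(&devs[0], racing_write);
}
/* Problem 1: poll_interval the remaining device is left with after the unbind */
unsigned int poll_interval_after_unbind(bool fixed) {
    unbind_dev0(fixed, false);
    return poll_interval;
}
/* Problem 2: removed device's work still pending, and requeueing itself? */
bool removed_device_still_queued(bool fixed) {
    unbind_dev0(fixed, true);
    if (devs[0].queued) battery_update(&devs[0]);   /* the pending work fires */
    return devs[0].queued;
}
```

With the pre-fix ordering the unbind leaves poll_interval at 0 for the remaining device, and a racing parameter write leaves the removed device's work item pending and self-requeueing; the fixed ordering shows neither effect.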
Affected versions
Linux kernel versions 3.3 and later are affected. Fixed in 4.14.316, 4.19.284, 5.4.244, 5.10.181, 5.15.114, 6.1.31, 6.3.5, 6.4 and their respective stable series.
References
The following references provide additional information about CVE-2023-54079 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch (kernel patch commit): https://git.kernel.org/stable/c/0c5f4cec759679c290720fbcf6bb81768e21c95b
- Patch (kernel patch commit): https://git.kernel.org/stable/c/465d919151a1e8d40daf366b868914f59d073211
- Patch (kernel patch commit): https://git.kernel.org/stable/c/4c9615474fb0a41cfad658d78db3c9ec70912969
Frequently asked questions
- What is CVE-2023-54079?
  CVE-2023-54079 is a Linux kernel vulnerability with no assigned severity score. It affects Linux kernel versions from 3.3 onward and has been patched in 4.14.316, 4.19.284, 5.4.244 and others. CVE-2023-54079 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2023-54079?
  Yes — CVE-2023-54079 has been patched. Fixed versions include 4.14.316, 4.19.284, 5.4.244 and others. If you are running Linux kernel 3.3 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2023-54079 actively exploited?
  No — CVE-2023-54079 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.