What is CVE-2023-54093?

CVE-2023-54093 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.27 onward and patched in 4.14.326, 4.19.295, 5.4.257 and others. CVE-2023-54093 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54093?

CVE-2023-54093 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54093?

Yes, CVE-2023-54093 has been patched. Fixed versions include 4.14.326, 4.19.295, 5.4.257 and others. If you are running Linux kernel 2.6.27 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54093 actively exploited?

CVE-2023-54093 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54093

In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anysee_master_xfer In anysee_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach anysee_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") [hverkuil: add spaces around +]

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.27 and later are affected. Fixed in 4.14.326, 4.19.295, 5.4.257, 5.10.197, 5.15.133, 6.1.55, 6.5.5, 6.6 and their respective stable series.

Affected from

≥ 2.6.27

Fixed in

✓ 4.14.326 4.14.x ✓ 4.19.295 4.19.x ✓ 5.4.257 5.4.x ✓ 5.10.197 5.10.x ✓ 5.15.133 5.15.x ✓ 6.1.55 6.1.x ✓ 6.5.5 6.5.x ✓ 6.6

References

The following references provide additional information about CVE-2023-54093 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/14b94154a72388b57221a2a73795c0ea61a95373
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3dd5846a873938ec7b6d404ec27662942cd8f2ef
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4a9763d2bc4a6d6fab42555b9c0b2eefa32585ac
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54093?

CVE-2023-54093 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.27 onward and has been patched in 4.14.326, 4.19.295, 5.4.257 and others. CVE-2023-54093 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54093?

Yes — CVE-2023-54093 has been patched. Fixed versions include 4.14.326, 4.19.295, 5.4.257 and others. If you are running Linux kernel 2.6.27 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54093 actively exploited?

No — CVE-2023-54093 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.