CVE-2023-54130
In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling. Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check") fixed a build warning by turning a comment into a WARN_ON(), but it turns out that syzbot then complains because it can trigger said warning with a corrupted hfs image. The warning actually does warn about a bad situation, but we are much better off just handling it as the error it is. So rather than warn about us doing bad things, stop doing the bad things and return -EIO. While at it, also fix a memory leak that was introduced by an earlier fix for a similar syzbot warning situation, and add a check for one case that historically wasn't handled at all (i.e. neither comment nor subsequent WARN_ON).
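The pattern described above (treat a failed sanity check on untrusted on-disk data as an I/O error instead of a WARN_ON(), and free what was allocated before taking the error path) is shown below as an added illustration. This is not the hfs/hfsplus code and not the patched kernel commit: the record layout (struct rec_hdr, MAX_REC_LEN), the functions validate_record() and parse_record(), and the demo_* inputs are all hypothetical, constructed for this example, and the check uses userspace errno values rather than kernel ones.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified on-disk record header (not the real hfs layout). */
struct rec_hdr {
    uint16_t rec_len; /* length claimed for the whole record, header included */
    uint16_t key_len; /* length claimed for the key stored right after the header */
};

#define MAX_REC_LEN 512 /* constructed upper bound for a sane record */

/*
 * Sanity check on data read from an image we do not trust.
 * Instead of WARN_ON(hdr->key_len + sizeof(*hdr) > hdr->rec_len) and
 * carrying on, report the corruption as -EIO so the caller stops early.
 */
int validate_record(const struct rec_hdr *hdr, size_t avail)
{
    if (hdr->rec_len > MAX_REC_LEN || hdr->rec_len > avail)
        return -EIO; /* record claims more bytes than exist */
    if ((size_t)hdr->key_len + sizeof(*hdr) > hdr->rec_len)
        return -EIO; /* key would run past the end of its record */
    return 0;
}

/*
 * Copy the key out of a record into a heap buffer the caller owns.
 * Every error path after the allocation frees the buffer, which is the
 * leak-on-error pattern the commit message refers to.
 */
int parse_record(const uint8_t *buf, size_t avail,
                 uint8_t **out_key, size_t *out_key_len)
{
    struct rec_hdr hdr;
    uint8_t *key;
    int err;

    if (avail < sizeof(hdr))
        return -EIO; /* not even a full header present */
    memcpy(&hdr, buf, sizeof(hdr));

    err = validate_record(&hdr, avail);
    if (err)
        return err;

    key = malloc(hdr.key_len ? hdr.key_len : 1);
    if (!key)
        return -ENOMEM;
    memcpy(key, buf + sizeof(hdr), hdr.key_len);

    /* Late check for a case the early checks do not cover: an empty key. */
    if (hdr.key_len == 0) {
        free(key); /* without this the error path leaks the allocation */
        return -EIO;
    }

    *out_key = key;
    *out_key_len = hdr.key_len;
    return 0;
}

/* Build a constructed record image and run it through parse_record(). */
static int run_case(uint16_t rec_len, uint16_t key_len, size_t avail)
{
    uint8_t buf[64] = {0};
    struct rec_hdr hdr = { rec_len, key_len };
    uint8_t *key = NULL;
    size_t key_len_out = 0;
    int err;

    memcpy(buf, &hdr, sizeof(hdr));
    memset(buf + sizeof(hdr), 'k', sizeof(buf) - sizeof(hdr));
    err = parse_record(buf, avail, &key, &key_len_out);
    free(key); /* NULL when parse_record() failed */
    return err;
}

/* Constructed inputs: one well-formed record and three corrupt ones. */
int demo_valid(void)         { return run_case(8, 4, 8); }  /* returns 0 */
int demo_oversized_key(void) { return run_case(8, 6, 8); }  /* returns -EIO */
int demo_truncated(void)     { return run_case(64, 4, 8); } /* returns -EIO */
int demo_empty_key(void)     { return run_case(4, 0, 4); }  /* returns -EIO */

int main(void)
{
    printf("valid=%d oversized=%d truncated=%d empty=%d\n",
           demo_valid(), demo_oversized_key(), demo_truncated(), demo_empty_key());
    return 0;
}
```

The point of the shape is that the caller sees a plain error code for every malformed input, so a corrupted image is rejected the same way a read failure is, and nothing allocated on the way is left behind when the function bails out.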
Affected versions
Linux kernel versions 4.9.337, 5.16 and later are affected. Fixed in 6.0.19, 6.1.5, 6.2 and their respective stable series.
References
The following references provide additional information about CVE-2023-54130 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch (kernel patch commit): https://git.kernel.org/stable/c/45917be9f0af339a45b4619f31c902d37b8aed59
- Patch (kernel patch commit): https://git.kernel.org/stable/c/82725be426bce0a425cc5e26fbad61ffd29cff03
- Patch (kernel patch commit): https://git.kernel.org/stable/c/90e019006644dad35862cb4aa270f561b0732066
Frequently asked questions
- What is CVE-2023-54130?
CVE-2023-54130 is an unscored-severity Linux kernel vulnerability. It affects Linux kernel versions from 4.9.337 onward and has been patched in 6.0.19, 6.1.5 and 6.2. CVE-2023-54130 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2023-54130?
Yes — CVE-2023-54130 has been patched. Fixed versions include 6.0.19, 6.1.5 and 6.2. If you are running Linux kernel 4.9.337 or later, up to the fixed versions, apply the relevant patch for your kernel branch.
- Is CVE-2023-54130 actively exploited?
No — CVE-2023-54130 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.