CVE-2023-54209
In the Linux kernel, the following vulnerability has been resolved:

block: fix blktrace debugfs entries leakage

Commit 99d055b4fd4b ("block: remove per-disk debugfs files in blk_unregister_queue") moves blk_trace_shutdown() from blk_release_queue() to blk_unregister_queue(). This is safe if blktrace is created through sysfs; however, there is a regression in a corner case.

blktrace can still be enabled after del_gendisk() through ioctl if the disk is opened before del_gendisk(), and if blktrace is not shut down through ioctl before closing the disk, debugfs entries will be leaked.

Fix this problem by shutting down blktrace in disk_release(). This is safe because blk_trace_remove() is reentrant.
Affected versions
Linux kernel versions 5.19 and later are affected. Fixed in 6.1.39, 6.3.13, 6.4.4, 6.5 and their respective stable series.
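The check below is an added example, not part of the original advisory or the kernel project: it classifies a kernel release string against the affected range and fix versions listed above. It assumes upstream version numbering, so a distribution kernel that backports the fix without changing its base version is still reported as affected; the function names and status labels are illustrative.

```python
import re

# Values taken from this page: first affected release, per-branch fix
# releases, and the first mainline release that contains the fix.
FIRST_AFFECTED = (5, 19)
FIXED_IN_BRANCH = {(6, 1): 39, (6, 3): 13, (6, 4): 4}
FIRST_FIXED_MAINLINE = (6, 5)


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-1-amd64" or "-generic" are ignored; a missing
    patch level ("6.5") is treated as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def cve_2023_54209_status(release):
    """Return 'not affected', 'affected' or 'fixed' for a release string."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not affected"          # predates the listed affected range
    if branch >= FIRST_FIXED_MAINLINE:
        return "fixed"                 # 6.5 and later (pre-releases not distinguished)
    if branch in FIXED_IN_BRANCH:
        return "fixed" if patch >= FIXED_IN_BRANCH[branch] else "affected"
    # Branches in range with no fix release listed on this page
    # (for example 5.19.y, 6.0.y, 6.2.y) are treated as affected.
    return "affected"


if __name__ == "__main__":
    import platform
    rel = platform.release()
    print(f"{rel}: {cve_2023_54209_status(rel)}")
```

A result of "affected" on a vendor kernel should be confirmed against the vendor's own advisory, since the base version alone does not show backported patches.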
References
The following references provide additional information about CVE-2023-54209 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit, https://git.kernel.org/stable/c/7149e57cf01184fba175589f8fbe9fbf33be02e1
- Patch: Kernel patch commit, https://git.kernel.org/stable/c/942e81650b81b4ca62f1d8c61de455c9e7c7e6ca
- Patch: Kernel patch commit, https://git.kernel.org/stable/c/aa07e56c6a9c7558165690d14eed4fe8babf34fb
Frequently asked questions
- What is CVE-2023-54209?
  CVE-2023-54209 is an unscored Linux kernel vulnerability. It affects Linux kernel versions from 5.19 onward and has been patched in 6.1.39, 6.3.13, 6.4.4 and others. CVE-2023-54209 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2023-54209?
  Yes, CVE-2023-54209 has been patched. Fixed versions include 6.1.39, 6.3.13, 6.4.4 and others. If you are running Linux kernel 5.19 or later and have not yet reached the fix version for your branch, apply the relevant patch for your kernel branch.
- Is CVE-2023-54209 actively exploited?
  No, CVE-2023-54209 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.