CVE-2023-53838 — Missing Synchronization in Linux

CWE-820 — Missing Synchronization7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 90.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: synchronize atomic write aborts To fix a race condition between atomic write aborts, I use the inode lock and make COW inode to be re-usable thoroughout the whole atomic file inode lifetime.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.19.0 — 6.1.18+1

▶Debianlinux/linux_kernel< 6.1.20-1+2

▶CVEListV5linux/linux3db1de0e582c358dd013f3703cd55b5fe4076436 — 102b82708c1523b36d421cb8687746906069bc17+4

▶debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-qq3x-fvx9-x7fj: In the Linux kernel, the following vulnerability has been resolved: f2fs: synchronize atomic write aborts To fix a race condition between atomic wri↗2025-12-09

▶

OSV

CVE-2023-53838: In the Linux kernel, the following vulnerability has been resolved: f2fs: synchronize atomic write aborts To fix a race condition between atomic write↗2025-12-09

▶

OSV

f2fs: synchronize atomic write aborts↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: f2fs: synchronize atomic write aborts↗2025-12-09

▶

Debian

CVE-2023-53838: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: synch...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53838 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶