CVE-2023-54128 — Improper Resource Locking in Linux

CWE-413 — Improper Resource Locking CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)8 documents7 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 92.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +2 more

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in the failure path we need to make sure to hold on to the namespace lock. Otherwise another thread might just turn the mount from a shared into a non-shared mount concurrently.

Affected Packages6 packages

▶Linuxlinux/linux_kernel5.12.0 — 5.15.107+2

▶Debianlinux/linux_kernel< 6.1.25-1+2

▶CVEListV5linux/linux2a1867219c7b27f928e2545782b86daaf9ad50bd — 0af8fae81d8b7f1beddc17c5d4cfa43235134648+4

▶debiandebian/linux< linux 6.1.25-1 (bookworm)

▶npmdirectus/app11.0.0 — 13.3.1

🔴Vulnerability Details

OSV

CVE-2023-54128: In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in th↗2025-12-24

▶

GHSA

GHSA-756h-2p6r-crqr: In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in↗2025-12-24

▶

OSV

fs: drop peer group ids under namespace lock↗2025-12-24

▶

GHSA

Directus has an HTML Injection in Comment↗2024-12-05

▶

📋Vendor Advisories

Red Hat

kernel: fs: drop peer group ids under namespace lock↗2025-12-24

▶

Debian

CVE-2023-54128: linux - In the Linux kernel, the following vulnerability has been resolved: fs: drop pe...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54128 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶