CVE-2023-53820
CVE-2023-53820 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (15th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2023-60176
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed to the wrong value, and it will not be changed back. More, the original patch did not solve the problem, the value was set and ioctl returned an error, but the subsequent io used the value in the loop driver, which still caused an alarm: loop_handle_cmd do_req_filebacked loff_t pos = ((loff_t) blk_rq_pos(rq) << 9) + lo->lo_offset; lo_rw_aio cmd->iocb.ki_pos = pos
Frequently asked questions
- What is CVE-2023-53820?
- In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed to the wrong value, and it will not be changed back. More, the original patch did not solve the problem, the value was set and ioctl returned an error, but the subsequent io used the value in the loop driver, which still caused an alarm: loop_handle_cmd do_req_filebacked loff_t pos = ((loff_t) blk_rq_pos(rq) << 9) + lo->lo_offset; lo_rw_aio cmd->iocb.ki_pos = pos
- Is CVE-2023-53820 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (15th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2023-53820?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2023-53820 have an EU (EUVD) identifier?
- Yes. CVE-2023-53820 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2023-60176.
- When was CVE-2023-53820 published?
- CVE-2023-53820 was published on 2025-12-09 and last updated on 2026-06-17.
References
- https://git.kernel.org/stable/c/258809bf22bf71d53247856f374f2b1d055f2fd4
- https://git.kernel.org/stable/c/2ea7077748e5d7cc64f1c31342c802fe66ea7426
- https://git.kernel.org/stable/c/3e7d0968203d668af6036b9f9199c7b62c8a3581
- https://git.kernel.org/stable/c/4be26d553a3f1d4f54f25353d1496c562002126d
- https://git.kernel.org/stable/c/6bdf4e6dfb60cbb6121ccf027d97ed2ec97c0bcb
- https://git.kernel.org/stable/c/832580af82ace363205039a8e7c4ef04552ccc1a
- https://git.kernel.org/stable/c/861021710bba9dfa0749a3c209a6c1773208b1f1
- https://git.kernel.org/stable/c/9f6ad5d533d1c71e51bdd06a5712c4fbc8768dfa
- https://git.kernel.org/stable/c/c79a924ed6afac1708dfd370ba66bcf6a852ced6