CVE-2023-54119

medium

Published 2025-11-11 · Modified 2025-11-11

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

In the Linux kernel, the following vulnerability has been resolved: inotify: Avoid reporting event with invalid wd When inotify_freeing_mark() races with inotify_handle_inode_event() it can happen that inotify_handle_inode_event() sees that i_mark->wd got already reset to -1 and reports this value to userspace which can confuse the inotify listener. Avoid the problem by validating that wd is sensible (and pretend the mark got removed before the event got generated otherwise).

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-54119

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-54119.html

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:20518

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
sles		affected
debian	bookworm	fixed	`6.1.37-1`
debian	bullseye	fixed	`5.10.191-1`
debian	forky	fixed	`6.3.7-1`
debian	sid	fixed	`6.3.7-1`
debian	trixie	fixed	`6.3.7-1`

References

Verify integrity in audit chain (admin only). AS-IS.