CVE-2023-53609
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-04

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed" The "atomic_inc(&cmd->device->iorequest_cnt)" in scsi_queue_rq() would cause kernel panic because cmd->device may be freed after returning from scsi_dispatch_cmd(). This reverts commit cfee29ffb45b1c9798011b19d454637d1b0fe87d.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-04
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2025-10-04
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53609
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.4
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's SCSI subsystem. It involves an issue where the function scsi_queue_rq() increments a counter (iorequest_cnt) for a device after a command dispatch fails. Because the device may have been freed after the dispatch, incrementing this counter can cause a kernel panic (system crash). The vulnerability was introduced by a commit that prevented increasing the counter if dispatch failed, but this was reverted to fix the issue.

Impact Analysis

This vulnerability can cause a kernel panic, which means the affected system could crash unexpectedly. This can lead to denial of service, data loss, or system instability, impacting availability and reliability of systems using the affected Linux kernel.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53609. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart