CVE-2023-53055

fscrypt: destroy keyring after security_sb_delete()

Description

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after security_sb_delete() fscrypt_destroy_keyring() must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landlock LSM don't get evicted until security_sb_delete(), this means that fscrypt_destroy_keyring() must be called *after* security_sb_delete(). This fixes a WARN_ON followed by a NULL dereference, only possible if Landlock was being used on encrypted files.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/992a3f3e8a0c92151dfdf65fc85567c865fd558a
https://git.kernel.org/stable/c/d77531fac6a1fd9f1db0195438ba5419d72b96c4
https://git.kernel.org/stable/c/497ab5d9c7852dfedab2c9de75e41b60e54b7c5d
https://git.kernel.org/stable/c/ccb820dc7d2236b1af0d54ae038a27b5b6d5ae5a

Frequently Asked Questions

What is the severity of CVE-2023-53055?
CVE-2023-53055 has not yet been assigned a CVSS score.
How to fix CVE-2023-53055?
To fix CVE-2023-53055, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-53055 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-53055 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-53055?
CVE-2023-53055 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.