In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed to the wrong value, and it will not be changed back. More, the original patch did not solve the problem, the value was set and ioctl returned an error, but the subsequent io used the value in the loop driver, which still caused an alarm: loop_handle_cmd do_req_filebacked loff_t pos = ((loff_t) blk_rq_pos(rq) << 9) + lo->lo_offset; lo_rw_aio cmd->iocb.ki_pos = pos
Conclusion & alert: CVE-2023-53820 is rated Low Risk (14/100): low exploitation likelihood (EPSS 0.23%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.06% | 0.23% | +0.17% |
| 2 | 2026-05-19 | 0.04% | 0.06% | +0.02% |
| 3 | 2026-05-07 | — | 0.04% | — |
Full EPSS history (5 records total)
CVSS metrics for this CVE.
No CVSS data in dataset for this CVE.
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2023-53820 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2023-53820 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2023-53820 |
suse
|
medium | — | https://www.suse.com/security/cve/CVE-2023-53820/ |
ubuntu
|
medium | CVE-2023-53820 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 173, released 134, not-affected 72, needed 15, needs-triage 1. | https://ubuntu.com/security/CVE-2023-53820 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 4.19.257, < 4.19.312 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.4.212, < 5.4.274 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.10.140, < 5.10.173 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.15.64, < 5.15.100 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.0, < 6.1.18 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.0, < 6.2.5 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.0, < 6.3 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 4.9.327 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 4.14.292 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.19.6 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |