CVE-2023-54046 | crypto: essiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of essiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.

Published: 2025-12-24 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2023-54046 is rated Low Risk (6/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-54046

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-25	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-54046

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2023-54046

OS Trackers for CVE-2023-54046

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2023-54046 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2023-54046
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2023-54046
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2023-54046/
`ubuntu`	medium	CVE-2023-54046 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 173, released 134, not-affected 87, needs-triage 1.	https://ubuntu.com/security/CVE-2023-54046

Affected software / configurations for CVE-2023-54046

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2023-54046

URL	Tags
https://git.kernel.org/stable/c/69c67d451fc19d88e54f7d97e8e7c093e08357e1
https://git.kernel.org/stable/c/796e02cca30a67322161f0745e5ce994bbe75605
https://git.kernel.org/stable/c/840a1d3b77c1b062bd62b4733969a5b1efc274ce
https://git.kernel.org/stable/c/a006aa3eedb8bfd6fe317c3cfe9c86ffe76b2385
https://git.kernel.org/stable/c/b5a772adf45a32c68bef28e60621f12617161556
https://git.kernel.org/stable/c/c61e7d182ee3f3f5ecf18a2964e303d49c539b52

cvelogic Threat Intelligence