CVE-2023-54128 | fs: drop peer group ids under namespace lock

In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in the failure path we need to make sure to hold on to the namespace lock. Otherwise another thread might just turn the mount from a shared into a non-shared mount concurrently.

Published: 2025-12-24 Last update: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2023-54128 is rated Low Risk (7.4/100): low exploitation likelihood (EPSS 0.18%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-54128

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.02%	0.18%	+0.16%
2	2025-12-25	—	0.02%	—

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-54128

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2023-54128

OS Trackers for CVE-2023-54128

vendor	priority	summary	link
`debian`	unimportant	CVE-2023-54128 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2023-54128
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2023-54128
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2023-54128/
`ubuntu`	medium	CVE-2023-54128 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 173, released 111, not-affected 110, needs-triage 1.	https://ubuntu.com/security/CVE-2023-54128

Affected software / configurations for CVE-2023-54128

Vendor	Product	Version	Raw CPE
linux	linux_kernel	>= 5.12, < 5.15.107	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.12, < 6.1.24	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.12, < 6.2.11	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.12, < 6.3	cpe:2.3:o:linux:linux_kernel::::::::

References for CVE-2023-54128

URL	Tags
https://git.kernel.org/stable/c/0af8fae81d8b7f1beddc17c5d4cfa43235134648
https://git.kernel.org/stable/c/65c324d3f35c05e37afec39ac80743583fdcc96c
https://git.kernel.org/stable/c/cb2239c198ad9fbd5aced22cf93e45562da781eb
https://git.kernel.org/stable/c/ddca03d97daa7b07b60c52e3d3060762732c6666

cvelogic Threat Intelligence