PT-2025-53196 · Linux · Linux Kernel

Published

2025-12-24

Updated

2026-02-24

CVE-2023-54119

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A condition exists in the Linux kernel where a race between inotify freeing mark() and inotify handle inode event() can lead to the reporting of an event with an invalid watch descriptor (wd) to userspace. This occurs when inotify handle inode event() observes that i mark->wd has already been reset to -1. The issue is addressed by validating the wd to ensure it is sensible and by pretending the mark was removed before the event was generated if the wd is invalid.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-54119

SUSE-SU-2026:0263-1

SUSE-SU-2026:0316-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

Affected Products

Linux Kernel

PT-2025-53196 · Linux · Linux Kernel

CVE-2023-54119

Related Identifiers

Affected Products

References · 1108