CVE-2023-54309
Published Dec 30, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corruption in the worst case scenario. Address this by initializing 'workqueue' as the very first step of the driver initialization.
Is your site exposed to CVE-2023-54309?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/04e8697d26613ccea760cf57eb20a5a27f788c0f
https://git.kernel.org/stable/c/092db954e2c3c5ba6c0ce990c7da72cf8f3b9c51
https://git.kernel.org/stable/c/509d21f1c4bb9d35d397fca3226165b156a7639f
https://git.kernel.org/stable/c/86b9820395f226b8f33cbae9599deebf8af1ce72
https://git.kernel.org/stable/c/99b998fb9d7d2d2d9dbb3e19db2d0ade02f5a604
https://git.kernel.org/stable/c/9ff7fcb3a2ed0e9b895bb5b4c13872d584a8815b
https://git.kernel.org/stable/c/e08295290c53a3cf174c236721747a01b9550ae2
https://git.kernel.org/stable/c/f4032d615f90970d6c3ac1d9c0bce3351eb4445c
Frequently Asked Questions
What is CVE-2023-54309? +
In the Linux kernel, the following vulnerability has been resolved:
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
/dev/vtpmx is made visible before 'workqueue' is initialized, which can
lead to a memory corruption in the worst case scenario.
Address this by initializing 'workqueue' as the very first step of the
driver initialization.
How do I check if I'm vulnerable to CVE-2023-54309? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.