CVE-2023-53680 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[].

PUBLISHED Reserved 2025-10-07 | Published 2025-10-07 | Updated 2025-10-07 | Assigner Linux

Product status

Default status

unaffected

f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 (git) before 50827896c365e0f6c8b55ed56d444dafd87c92c5

affected

f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 (git) before a64160124d5a078be0c380b1e8a0bad2d040d3a1

affected

f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 (git) before ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e

affected

f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 (git) before f352c41fa718482979e7e6b71b4da2b718e381cc

affected

f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 (git) before 804d8e0a6e54427268790472781e03bc243f4ee3

affected

Default status

affected

4.14

affected

Any version before 4.14

unaffected

5.10.220 (semver)

unaffected

5.15.107 (semver)

unaffected

6.1.24 (semver)

unaffected

6.2.11 (semver)

unaffected

6.3 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/50827896c365e0f6c8b55ed56d444dafd87c92c5

git.kernel.org/...c/a64160124d5a078be0c380b1e8a0bad2d040d3a1

git.kernel.org/...c/ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e

git.kernel.org/...c/f352c41fa718482979e7e6b71b4da2b718e381cc

git.kernel.org/...c/804d8e0a6e54427268790472781e03bc243f4ee3

cve.org (CVE-2023-53680)

nvd.nist.gov (CVE-2023-53680)

Download JSON

help @ threatint.eu