CVE-2023-53680

Published: Oct 7, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[].

Vendor	Product	Versions
Linux	Linux	affected `f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 - < 50827896c365e0f6c8b55ed56d444dafd87c92c5` affected `f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 - < a64160124d5a078be0c380b1e8a0bad2d040d3a1` affected `f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 - < ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e` affected `f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 - < f352c41fa718482979e7e6b71b4da2b718e381cc` affected `f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 - < 804d8e0a6e54427268790472781e03bc243f4ee3`
Linux	Linux	affected `4.14` unaffected `0 - < 4.14` unaffected `5.10.220 - <= 5.10.` unaffected `5.15.107 - <= 5.15.` unaffected `6.1.24 - <= 6.1.*` +2 more versions

References

https://git.kernel.org/stable/c/50827896c365e0f6c8b55ed56d444dafd87c92c5

https://git.kernel.org/stable/c/a64160124d5a078be0c380b1e8a0bad2d040d3a1

https://git.kernel.org/stable/c/ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e

https://git.kernel.org/stable/c/f352c41fa718482979e7e6b71b4da2b718e381cc

https://git.kernel.org/stable/c/804d8e0a6e54427268790472781e03bc243f4ee3

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-53680

Description

Affected Products

References