CVE-2023-53680

Oct. 8, 2025, 7:38 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[].

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/50827896c365e0f6c8b55ed56d444dafd87c92c5
https://git.kernel.org/stable/c/804d8e0a6e54427268790472781e03bc243f4ee3
https://git.kernel.org/stable/c/a64160124d5a078be0c380b1e8a0bad2d040d3a1
https://git.kernel.org/stable/c/f352c41fa718482979e7e6b71b4da2b718e381cc
https://git.kernel.org/stable/c/ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-10-07
CVE-2023-53680

Timeline

Published: Oct. 7, 2025, 4:15 p.m.
Last Modified: Oct. 8, 2025, 7:38 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.