CVE-2023-53241
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nfsd: call op_release, even when op_func returns an error For ops with "trivial" replies, nfsd4_encode_operation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is calling op_release. This could cause a memory leak in the layoutget codepath if there is an error at an inopportune time. Have the compound processing engine always call op_release, even when op_func sets an error in op->status. With this change, we also need nfsd4_block_get_device_info_scsi to set the gd_device pointer to NULL on error to avoid a double free.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53241
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.14 (inc) to 5.10.220 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.154 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.24 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.11 (exc)
linux linux_kernel 6.3
linux linux_kernel 6.3
linux linux_kernel 6.3
linux linux_kernel 6.3
linux linux_kernel 6.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's NFS server (nfsd) occurs because the function op_release is not called when an operation function (op_func) returns an error for certain "trivial" replies. Normally, nfsd4_encode_operation shortcuts encoding work and skips calling op_release, which can lead to a memory leak in the layoutget codepath if an error happens at the wrong time. The fix ensures that op_release is always called, even when there is an error, preventing the memory leak.

Impact Analysis

This vulnerability can cause a memory leak in the Linux kernel's NFS server when certain errors occur. Memory leaks can degrade system performance over time, potentially leading to resource exhaustion and system instability or crashes if the leak is severe and persistent.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the nfsd component has been patched to always call op_release even when op_func returns an error. This prevents memory leaks in the layoutget codepath. Ensure that your system is running the latest kernel updates from your distribution that include this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53241. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart