CVE-2023-53360
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READ_PLUS (again) I found that the read code might send multiple requests using the same nfs_pgio_header, but nfs4_proc_read_setup() is only called once. This is how we ended up occasionally double-freeing the scratch buffer, but also means we set a NULL pointer but non-zero length to the xdr scratch buffer. This results in an oops the first time decoding needs to copy something to scratch, which frequently happens when decoding READ_PLUS hole segments. I fix this by moving scratch handling into the pageio read code. I provide a function to allocate scratch space for decoding read replies, and free the scratch buffer when the nfs_pgio_header is freed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53360
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.4 (inc) to 6.4.16 (exc)
linux linux_kernel From 6.5 (inc) to 6.5.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's NFSv4.2 implementation related to the READ_PLUS operation. The issue arises because the read code might send multiple requests using the same nfs_pgio_header, but the setup function nfs4_proc_read_setup() is only called once. This can lead to double-freeing the scratch buffer or setting a NULL pointer with a non-zero length to the xdr scratch buffer. As a result, an 'oops' (kernel crash) can occur when decoding READ_PLUS hole segments. The fix involves moving scratch buffer handling into the pageio read code, ensuring proper allocation and freeing of the scratch buffer.

Impact Analysis

This vulnerability can cause the Linux kernel to crash (an 'oops') during NFSv4.2 READ_PLUS operations, potentially leading to system instability or denial of service. If your system uses NFSv4.2 and performs READ_PLUS operations, it may be affected by unexpected kernel crashes due to improper memory handling.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53360. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart