CVE-2023-53680
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-07

Last updated on: 2026-02-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[].
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-07
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2025-10-07
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53680
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.3
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the NFSD component where a function called OPDESC() is called with an invalid operation number (opnum) equal to OP_ILLEGAL (10044). OPDESC() indexes into an array nfsd4_ops[] without checking if the opnum is within valid bounds. The function nfsd4_decode_compound() can call OPDESC() with this out-of-bounds opnum, potentially causing unexpected behavior or errors.

Impact Analysis

Because OPDESC() is called with an out-of-bounds operation number, it can lead to undefined behavior such as memory corruption, crashes, or other security issues in the Linux kernel's NFS server component. This could potentially be exploited to disrupt services or compromise system stability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53680. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart