NFSv4.2 Vulnerability in Linux Kernel
CVE-2023-53360
What is CVE-2023-53360?
The Linux kernel's NFSv4.2 implementation has a vulnerability caused by improper handling of scratch buffers during read operations. The flaw can lead to double-free issues and null pointer dereferences, particularly in the decoding of READ_PLUS, which is frequently invoked in NFS operations. The error arises because the same nfs_pgio_header is reused for multiple read requests without adequate memory management, which destabilizes the system during critical read operations. A fix has been implemented that handles scratch buffer allocation and deallocation properly within the pageio read code.
Affected Version(s)
Linux 886959f425b6a936a30b82a297ae3aecb3b8230f
Linux fbd2a05f29a95d5b42b294bf47e55a711424965b