Linux Kernel Vulnerability in NFSD Operations
CVE-2023-53680

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 7 October 2025

What is CVE-2023-53680?

A vulnerability exists in the Linux kernel's Network File System Daemon (NFSD) in which improper input validation allows the function OPDESC() to be called with an out-of-bounds operation number. Specifically, nfsd4_decode_compound() can invoke OPDESC() with an illegal operation number, and OPDESC() performs no range checking on the value it is given. This can lead to operational failures or security breaches, potentially exposing the system to various threats.
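The pattern described above, shown as an added example: a simplified model, not the kernel's source or its patch. The table, the operation range, and the names `lookup_opdesc`, `decode_compound`, `MODEL_FIRST_OP` and `MODEL_LAST_OP` are hypothetical; the decoder range-checks each operation number before the unchecked table lookup is reached.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not kernel code: every name and value here is hypothetical. */
enum { MODEL_FIRST_OP = 3, MODEL_LAST_OP = 6 };
enum { ST_OK, ST_OP_ILLEGAL, ST_TRUNCATED };
struct opdesc { const char *name; };

/* Descriptor table indexed directly by operation number. */
static const struct opdesc op_table[MODEL_LAST_OP + 1] = {
    [3] = { "ACCESS" }, [4] = { "CLOSE" }, [5] = { "COMMIT" }, [6] = { "CREATE" },
};

/* Unchecked lookup: only safe when the caller has already range-checked opnum. */
static const struct opdesc *lookup_opdesc(uint32_t opnum) { return &op_table[opnum]; }

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode `count` operation numbers from buf, range-checking each one before
 * the table lookup. Returns how many operations received a descriptor. */
static int decode_compound(const unsigned char *buf, size_t len, size_t count,
                           int *status, const struct opdesc **desc)
{
    int resolved = 0;
    for (size_t i = 0; i < count; i++) {
        desc[i] = NULL;
        if (i >= len / 4) { status[i] = ST_TRUNCATED; continue; }
        uint32_t opnum = be32(buf + 4 * i);
        if (opnum < MODEL_FIRST_OP || opnum > MODEL_LAST_OP) {
            status[i] = ST_OP_ILLEGAL;   /* reject; never index the table */
            continue;
        }
        desc[i] = lookup_opdesc(opnum);
        status[i] = ST_OK;
        resolved++;
    }
    return resolved;
}

/* Constructed sample: ops 3, 10044, 6, 0xFFFFFFFF; a fifth op is claimed but absent. */
static const unsigned char sample[16] = { 0,0,0,3, 0,0,0x27,0x3c, 0,0,0,6, 0xff,0xff,0xff,0xff };

int main(void)
{
    int st[5]; const struct opdesc *d[5];
    printf("resolved=%d\n", decode_compound(sample, sizeof sample, 5, st, d));
    return 0;
}
```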

Affected Version(s)

Linux f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 < 50827896c365e0f6c8b55ed56d444dafd87c92c5

Linux f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8

Timeline

  • Vulnerability published

  • Vulnerability Reserved
