CVE-2023-53680 PUBLISHED

NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL

Assigner: Linux
Reserved: 07.10.2025 Published: 07.10.2025 Updated: 07.10.2025

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL

OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value.

nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[].

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 to 50827896c365e0f6c8b55ed56d444dafd87c92c5 (excl.) affected from f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 to a64160124d5a078be0c380b1e8a0bad2d040d3a1 (excl.) affected from f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 to ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e (excl.) affected from f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 to f352c41fa718482979e7e6b71b4da2b718e381cc (excl.) affected from f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 to 804d8e0a6e54427268790472781e03bc243f4ee3 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 4.14 is affected unaffected from 0 to 4.14 (excl.) unaffected from 5.10.220 to 5.10.* (incl.) unaffected from 5.15.107 to 5.15.* (incl.) unaffected from 6.1.24 to 6.1.* (incl.) unaffected from 6.2.11 to 6.2.* (incl.) unaffected from 6.3 to * (incl.)

CVE-2023-53680 PUBLISHED

NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL

Product Status

References