| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091856-CVE-2023-53381-a774@gregkh> Date: Thu, 18 Sep 2025 15:34:26 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53381: NFSD: fix leaked reference count of nfsd4_ssc_umount_item From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: NFSD: fix leaked reference count of nfsd4_ssc_umount_item The reference count of nfsd4_ssc_umount_item is not decremented on error conditions. This prevents the laundromat from unmounting the vfsmount of the source file. This patch decrements the reference count of nfsd4_ssc_umount_item on error. The Linux kernel CVE team has assigned CVE-2023-53381 to this issue. Affected and fixed versions =========================== Issue introduced in 5.14 with commit f4e44b393389c77958f7c58bf4415032b4cda15b and fixed in 5.15.154 with commit 80a15dc4a0214b55ca42675bb0bb2a8d857eb1d0 Issue introduced in 5.14 with commit f4e44b393389c77958f7c58bf4415032b4cda15b and fixed in 6.1.16 with commit 9f0df37520a27ad99eaacf38418b3d2bb5023105 Issue introduced in 5.14 with commit f4e44b393389c77958f7c58bf4415032b4cda15b and fixed in 6.2.3 with commit 6c3c05402547aaca3edb23327b50f01a881831b9 Issue introduced in 5.14 with commit f4e44b393389c77958f7c58bf4415032b4cda15b and fixed in 6.3 with commit 34e8f9ec4c9ac235f917747b23a200a5e0ec857b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53381 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/nfsd/nfs4proc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2da50149981d05955e51c28e982e9ac29bd73417 https://git.kernel.org/stable/c/80a15dc4a0214b55ca42675bb0bb2a8d857eb1d0 https://git.kernel.org/stable/c/9f0df37520a27ad99eaacf38418b3d2bb5023105 https://git.kernel.org/stable/c/6c3c05402547aaca3edb23327b50f01a881831b9 https://git.kernel.org/stable/c/34e8f9ec4c9ac235f917747b23a200a5e0ec857b
Powered by blists - more mailing lists