| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100708-CVE-2023-53680-501d@gregkh> Date: Tue, 7 Oct 2025 17:21:39 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53680: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[]. The Linux kernel CVE team has assigned CVE-2023-53680 to this issue. Affected and fixed versions =========================== Issue introduced in 4.14 with commit f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 and fixed in 5.10.220 with commit 50827896c365e0f6c8b55ed56d444dafd87c92c5 Issue introduced in 4.14 with commit f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 and fixed in 5.15.107 with commit a64160124d5a078be0c380b1e8a0bad2d040d3a1 Issue introduced in 4.14 with commit f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 and fixed in 6.1.24 with commit ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e Issue introduced in 4.14 with commit f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 and fixed in 6.2.11 with commit f352c41fa718482979e7e6b71b4da2b718e381cc Issue introduced in 4.14 with commit f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8 and fixed in 6.3 with commit 804d8e0a6e54427268790472781e03bc243f4ee3 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53680 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/nfsd/nfs4xdr.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/50827896c365e0f6c8b55ed56d444dafd87c92c5 https://git.kernel.org/stable/c/a64160124d5a078be0c380b1e8a0bad2d040d3a1 https://git.kernel.org/stable/c/ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e https://git.kernel.org/stable/c/f352c41fa718482979e7e6b71b4da2b718e381cc https://git.kernel.org/stable/c/804d8e0a6e54427268790472781e03bc243f4ee3
Powered by blists - more mailing lists