-

CVE-2023-53680

EPSS -
Veröffentlicht 07.10.2025 15:21:34
Zuletzt bearbeitet 07.10.2025 16:15:52
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL

OPDESC() simply indexes into nfsd4_ops[] by the op's operation
number, without range checking that value. It assumes callers are
careful to avoid calling it with an out-of-bounds opnum value.

nfsd4_decode_compound() is not so careful, and can invoke OPDESC()
with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end
of nfsd4_ops[].

Betroffene Produkte Warnungen 0 Metriken 0 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 50827896c365e0f6c8b55ed56d444dafd87c92c5

Version f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8

Status affected

Version < a64160124d5a078be0c380b1e8a0bad2d040d3a1

Version f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8

Status affected

Version < ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e

Version f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8

Status affected

Version < f352c41fa718482979e7e6b71b4da2b718e381cc

Version f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8

Status affected

Version < 804d8e0a6e54427268790472781e03bc243f4ee3

Version f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.14

Status affected

Version < 4.14

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.220

Status unaffected

Version <= 5.15.*

Version 5.15.107

Status unaffected

Version <= 6.1.*

Version 6.1.24

Status unaffected

Version <= 6.2.*

Version 6.2.11

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/50827896c365e0f6c8b55ed56d444dafd87c92c5

https://git.kernel.org/stable/c/a64160124d5a078be0c380b1e8a0bad2d040d3a1

https://git.kernel.org/stable/c/ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e

https://git.kernel.org/stable/c/f352c41fa718482979e7e6b71b4da2b718e381cc

https://git.kernel.org/stable/c/804d8e0a6e54427268790472781e03bc243f4ee3

https://nvd.nist.gov/vuln/detail/CVE-2023-53680

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53680

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53680

EUVD