Unrated severityNVD Advisory· Published Oct 7, 2025
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
CVE-2023-53680
Description
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value.
nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[].
Affected products
2- Linux/Linuxv5Range: 4.14
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/50827896c365e0f6c8b55ed56d444dafd87c92c5mitre
- git.kernel.org/stable/c/804d8e0a6e54427268790472781e03bc243f4ee3mitre
- git.kernel.org/stable/c/a64160124d5a078be0c380b1e8a0bad2d040d3a1mitre
- git.kernel.org/stable/c/f352c41fa718482979e7e6b71b4da2b718e381ccmitre
- git.kernel.org/stable/c/ffcbcf087581ae68ddc0a21460f7ecd4315bdd0emitre
News mentions
0No linked articles in our index yet.