CVE-2023-53360

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53360
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53360.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53360
Downstream
Related
Published
2025-09-17T14:56:50.287Z
Modified
2026-03-20T12:33:07.211801Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
NFSv4.2: Rework scratch handling for READ_PLUS (again)
Details

In the Linux kernel, the following vulnerability has been resolved:

NFSv4.2: Rework scratch handling for READ_PLUS (again)

I found that the read code might send multiple requests using the same nfspgioheader, but nfs4procreadsetup() is only called once. This is how we ended up occasionally double-freeing the scratch buffer, but also means we set a NULL pointer but non-zero length to the xdr scratch buffer. This results in an oops the first time decoding needs to copy something to scratch, which frequently happens when decoding READPLUS hole segments.

I fix this by moving scratch handling into the pageio read code. I provide a function to allocate scratch space for decoding read replies, and free the scratch buffer when the nfspgioheader is freed.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53360.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
886959f425b6a936a30b82a297ae3aecb3b8230f
Fixed
adac9f0ddd2b291c7ce41f549fdb27a13616cff5
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fbd2a05f29a95d5b42b294bf47e55a711424965b
Fixed
a2f4cb206bd94b3f4a7bb05fcdce9525283b5681
Fixed
ae5d5672f1db711e91db6f52df5cb16ecd8f5692
Fixed
303a78052091c81e9003915c521fdca1c7e117af

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53360.json"