Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READ_PLUS (again) I found that the read code might send multiple requests using the same nfs_pgio_header, but nfs4_proc_read_setup() is only called once. This is how we ended up occasionally double-freeing the scratch buffer, but also means we set a NULL pointer but non-zero length to the xdr scratch buffer. This results in an oops the first time decoding needs to copy something to scratch, which frequently happens when decoding READ_PLUS hole segments. I fix this by moving scratch handling into the pageio read code. I provide a function to allocate scratch space for decoding read replies, and free the scratch buffer when the nfs_pgio_header is freed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.4, < 6.4.16 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/303a78052091c81e9003915c521fdca1c7e117afPatch
- https://git.kernel.org/stable/c/a2f4cb206bd94b3f4a7bb05fcdce9525283b5681Patch
- https://git.kernel.org/stable/c/adac9f0ddd2b291c7ce41f549fdb27a13616cff5Patch
- https://git.kernel.org/stable/c/ae5d5672f1db711e91db6f52df5cb16ecd8f5692Patch
FAQ
What is CVE-2023-53360?
CVE-2023-53360 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READ_PLUS (again) I found that the read code might send multiple requests using the same nfs_...
How severe is CVE-2023-53360?
CVE-2023-53360 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53360?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.