CVE-2023-53680

Advisory lineage Upstream: 0 Downstream: 14

Downstream

DEBIAN-CVE-2023-53680 RHSA-2025:23445 RHSA-2026:0532 RHSA-2026:0533 RHSA-2026:0534 RHSA-2026:0535

Analyzed

Published: 07 Oct 2025, 15:21

Last modified:11 May 2026, 19:49

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Oct 2025, 15:21

Published

Vulnerability first disclosed

11 May 2026, 19:49

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the op's operation number, without range checking that value. It assumes callers are careful to avoid calling it with an out-of-bounds opnum value. nfsd4_decode_compound() is not so careful, and can invoke OPDESC() with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end of nfsd4_ops[].

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 4%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8, < 50827896c365e0f6c8b55ed56d444dafd87c92c5 | ≥ f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8, < a64160124d5a078be0c380b1e8a0bad2d040d3a1 | ≥ f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8, < ffcbcf087581ae68ddc0a21460f7ecd4315bdd0e | ≥ f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8, < f352c41fa718482979e7e6b71b4da2b718e381cc | ≥ f4f9ef4a1b0a1ca80b152e28e176d69515bdf7e8, < 804d8e0a6e54427268790472781e03bc243f4ee3 | 4.14
linux•linux_kernel
≥ 4.14, < 5.10.220 | ≥ 5.11, < 5.15.107 | ≥ 5.16, < 6.1.24 | ≥ 6.2, < 6.2.11 | 6.3:rc1 | 6.3:rc2 | 6.3:rc3 | 6.3:rc4 | 6.3:rc5