PT-2025-37682
Published: 2023-11-07 · Updated: 2026-04-14
CVE-2023-53241
CVSS v3.1: 5.5 Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains an issue where the op_release function is not always called when op_func returns an error. This can lead to a memory leak in the layoutget codepath, specifically within the Network File System (NFS) daemon (nfsd) when handling operations with "trivial" replies. The nfsd4_encode_operation function skips calling op_release under certain conditions, causing the memory leak. Additionally, nfsd4_block_get_device_info_scsi needs to set the gd_device pointer to NULL on error to prevent a double free.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
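The two cleanup rules from the description, shown as an added user-space model (not the kernel's code and not taken from any patch): always run op_release after op_func, and clear a pointer that the error path has already freed. The structs, the res field, the flag parameters and all function bodies are hypothetical; only the names op_func, op_release and the free-then-NULL rule come from the text above.

```c
#include <stddef.h>
/* User-space model. Names follow the description; bodies are hypothetical. */
struct buf { int live; };
struct op  { struct buf *res; };      /* res: layout reply or gd_device */

static struct buf slot;               /* the one tracked allocation */
static int double_frees;

static struct buf *buf_alloc(void) { slot.live = 1; return &slot; }
static void buf_free(struct buf *b)
{
    if (!b) return;                   /* freeing NULL is a no-op, like kfree() */
    if (!b->live) double_frees++;     /* object was already freed */
    b->live = 0;
}

/* op_func that fails after allocating and relies on op_release to clean up */
static int layoutget_like(struct op *op, int null_on_error)
{
    (void)null_on_error;
    op->res = buf_alloc();
    return -1;
}

/* op_func that frees on its own error path */
static int getdevinfo_like(struct op *op, int null_on_error)
{
    op->res = buf_alloc();
    buf_free(op->res);
    if (null_on_error)
        op->res = NULL;               /* so a later op_release sees NULL */
    return -1;
}

static void op_release(struct op *op) { buf_free(op->res); op->res = NULL; }

/* always_release = 0 models the dispatcher skipping op_release on error */
static int run_op(int (*op_func)(struct op *, int), int always_release, int null_on_error)
{
    struct op op = { NULL };
    int status = op_func(&op, null_on_error);
    if (status == 0 || always_release)
        op_release(&op);
    return status;
}

/* Exit status 0: nothing leaked and nothing freed twice. */
int main(void) { run_op(getdevinfo_like, 1, 1); return slot.live || double_frees; }
```

With always_release set to 0 the layoutget-like operation leaves slot.live at 1, which is the leak; with it set to 1 and null_on_error set to 0, the getdevinfo-like operation is freed twice.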
Exploit
DoS
Memory Leak
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Centos
Linux Kernel
Nfs
Red Hat
Red Os
Suse
Nfsd
Nfsd4 Block Get Device Info Scsi
Nfsd4 Encode Operation