PT-2025-41124 · Linux+1 · Linux Kernel+1

Published: 2023-03-31 · Updated: 2026-02-03 · CVE-2023-53680

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw within the Network File System daemon (NFSD). Specifically, the OPDESC() function does not perform adequate range checking on the operation number (opnum) it receives, assuming callers will avoid out-of-bounds values. The nfsd4_decode_compound() function can invoke OPDESC() with opnum set to OP_ILLEGAL (value 10044), which exceeds the bounds of the nfsd4_ops array. This can lead to undefined behavior.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2026-04104
CVE-2023-53680
OESA-2026-1275
RHSA-2026:0532
RHSA-2026:0533
RHSA-2026:0534
RHSA-2026:0535
RHSA-2026:0536
RHSA-2026:0537
RHSA-2026:0576
SUSE-SU-2025:4111-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4320-1

Affected Products

Linux Kernel
Suse