CVE-2023-53083

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-53083

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53083.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53083

Related

UBUNTU-CVE-2023-53083

Published

2025-05-02T16:15:27Z

Modified

2025-05-05T22:59:09.882559Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: don't replace page in rq_pages if it's a continuation of last page

The splice read calls nfsdspliceactor to put the pages containing file data into the svcrqst->rqpages array. It's possible however to get a splice result that only has a partial page at the end, if (e.g.) the filesystem hands back a short read that doesn't cover the whole page.

nfsdspliceactor will plop the partial page into its rqpages array and return. Then later, when nfsdspliceactor is called again, the remainder of the page may end up being filled out. At this point, nfsdspliceactor will put the page into the array _again corrupting the reply. If this is done enough times, rqnextpage will overrun the array and corrupt the trailing fields -- the rqrespages and rqnext_page pointers themselves.

If we've already added the page to the array in the last pass, don't add it to the array a second time when dealing with a splice continuation. This was originally handled properly in nfsdspliceactor, but commit 91e23b1c3982 ("NFSD: Clean up nfsdspliceactor()") removed the check for it.

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.221-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

5.10.178-1

5.10.178-2

5.10.178-3

5.10.179-1

5.10.179-2

5.10.179-3

5.10.179-4

5.10.179-5

5.10.191-1

5.10.197-1

5.10.205-1

5.10.205-2

5.10.209-1

5.10.209-2

5.10.216-1

5.10.218-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}