DEBIAN-CVE-2023-53360
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53360
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53360.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53360
- Upstream
- Published
- 2025-09-17T15:15:40Z
- Modified
- 2025-09-30T05:17:59.696559Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READPLUS (again) I found that the read code might send multiple requests using the same nfspgioheader, but nfs4procreadsetup() is only called once. This is how we ended up occasionally double-freeing the scratch buffer, but also means we set a NULL pointer but non-zero length to the xdr scratch buffer. This results in an oops the first time decoding needs to copy something to scratch, which frequently happens when decoding READPLUS hole segments. I fix this by moving scratch handling into the pageio read code. I provide a function to allocate scratch space for decoding read replies, and free the scratch buffer when the nfspgio_header is freed.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.55-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source