Buffer overflow in Linux kernel nfsd

Published: 2025-05-04 | Updated: 2025-05-10

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2023-53083
CWE-ID	CWE-119
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU108497

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53083

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nfsd_splice_actor() function in fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.10.219

CPE2.3

External links

https://git.kernel.org/stable/c/0101067f376eb7b9afd00279270f25d5111a091d
https://git.kernel.org/stable/c/12eca509234acb6b666802edf77408bb70d7bfca
https://git.kernel.org/stable/c/27c934dd8832dd40fd34776f916dc201e18b319b
https://git.kernel.org/stable/c/51ddb84baff6f09ad62b5999ece3ec172e4e3568
https://git.kernel.org/stable/c/8235cd619db6e67f1d7d26c55f1f3e4e575c947d
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.220

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.