CVE-2023-53241

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfsd: call op_release, even when op_func returns an error

For ops with "trivial" replies, nfsd4_encode_operation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is calling op_release. This could cause a memory leak in the layoutget codepath if there is an error at an inopportune time.

Have the compound processing engine always call op_release, even when op_func sets an error in op->status. With this change, we also need nfsd4_block_get_device_info_scsi to set the gd_device pointer to NULL on error to avoid a double free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux34b1744c91ccd44811005822106945fa80ecbff2 < 65a33135e91e6dd661ecdf1194b9d90c49ae3570affected
LinuxLinux34b1744c91ccd44811005822106945fa80ecbff2 < b11d8162c24af4a351d21e2c804d25ca493305e3affected
LinuxLinux34b1744c91ccd44811005822106945fa80ecbff2 < b623a8e5d38a69a3ef8644acb1030dd7c7bc28b3affected
LinuxLinux34b1744c91ccd44811005822106945fa80ecbff2 < 3d0dcada384af22dec764c8374a2997870ec86aeaffected
LinuxLinux34b1744c91ccd44811005822106945fa80ecbff2 < 15a8b55dbb1ba154d82627547c5761cac884d810affected
LinuxLinux4.14affected
LinuxLinux0 < 4.14unaffected
LinuxLinux5.10.220 <= 5.10.*unaffected
LinuxLinux5.15.154 <= 5.15.*unaffected
LinuxLinux6.1.24 <= 6.1.*unaffected
LinuxLinux6.2.11 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References