CVE-2023-53025

high

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free in nfsd4_ssc_setup_dul() If signal_pending() returns true, schedule_timeout() will not be executed, causing the waiting task to remain in the wait queue. Fixed by adding a call to finish_wait(), which ensures that the waiting task will always be removed from the wait queue.

References

https://git.kernel.org/stable/c/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd

https://git.kernel.org/stable/c/6ac4c383c39f8f2f955f868d1ad9365c2363e80b

https://git.kernel.org/stable/c/32d5eb95f8f0e362e37c393310b13b9e95404560

https://git.kernel.org/stable/c/0a27dcd5343026ac0cb168ee63304255372b7a36

Details

Source: Mitre, NVD

Published: 2025-03-27

Updated: 2025-04-01

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High