CVE-2023-53025 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-362.8.1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6583	2023-11-07T00:00:00Z
kernel-0:5.14.0-362.8.1.el9_3	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:6583	2023-11-07T00:00:00Z

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025032719-CVE-2023-53025-5662@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-53025
https://www.cve.org/CVERecord?id=CVE-2023-53025

History

Thu, 05 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
Title	NFSD: fix use-after-free in nfsd4_ssc_setup_dul()	kernel: NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
Weaknesses	CWE-416
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 05 Jun 2025 15:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.2:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc4::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/0a27dcd5343026ac0cb168ee63304255372b7a36 https://git.kernel.org/stable/c/32d5eb95f8f0e362e37c393310b13b9e95404560 https://git.kernel.org/stable/c/6ac4c383c39f8f2f955f868d1ad9365c2363e80b https://git.kernel.org/stable/c/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd

Thu, 05 Jun 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free in nfsd4_ssc_setup_dul() If signal_pending() returns true, schedule_timeout() will not be executed, causing the waiting task to remain in the wait queue. Fixed by adding a call to finish_wait(), which ensures that the waiting task will always be removed from the wait queue.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Wed, 28 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-825
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Wed, 02 Apr 2025 02:00:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025032719-CVE-2023-53025-5662@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-53025 https://www.cve.org/CVERecord?id=CVE-2023-53025
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 01 Apr 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.2:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc4::::::
Vendors & Products		Linux Linux linux Kernel

Thu, 27 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 27 Mar 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free in nfsd4_ssc_setup_dul() If signal_pending() returns true, schedule_timeout() will not be executed, causing the waiting task to remain in the wait queue. Fixed by adding a call to finish_wait(), which ensures that the waiting task will always be removed from the wait queue.
Title		NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
References		https://git.kernel.org/stable/c/0a27dcd5343026ac0cb168ee63304255372b7a36 https://git.kernel.org/stable/c/32d5eb95f8f0e362e37c393310b13b9e95404560 https://git.kernel.org/stable/c/6ac4c383c39f8f2f955f868d1ad9365c2363e80b https://git.kernel.org/stable/c/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-03-27T16:43:50.536Z

Updated: 2025-06-05T14:53:39.739Z

Reserved: 2025-03-27T16:40:15.755Z

Link: CVE-2023-53025

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-03-27T17:15:52.117

Modified: 2025-06-05T15:15:24.170

Link: CVE-2023-53025

Redhat

Severity : Moderate

Publid Date: 2025-03-27T00:00:00Z

Links: CVE-2023-53025 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object