{
  "threat_severity" : "Low",
  "public_date" : "2025-10-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: NFS: Fix a potential data corruption",
    "id" : "2405779",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2405779"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nNFS: Fix a potential data corruption\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.", "A logic error was found in the Linux kernel's NFS client implementation in the write request retransmission handling for O_DIRECT operations.\nA local user performing direct I/O writes over NFS can trigger this issue when the server completes writes synchronously and network conditions require retransmission, causing subrequests to not be properly rejoined to the head request before retransmit. This results in data corruption where written data may not be correctly persisted to the server." ],
  "statement" : "NFS write operations can be split into multiple subrequests, which must be rejoined to the head request before any retransmission occurs. When an NFS server handles a write synchronously rather than through the commit mechanism, the head request bypasses the normal commit list path. If retransmission becomes necessary due to network issues, the code failed to add the head back to the retransmission list, leaving subrequests orphaned. This causes incomplete or corrupted writes to the server without returning errors to the application. Triggering the bug requires local access to an NFS-mounted filesystem using O_DIRECT, combined with server-side synchronous write behavior and network conditions that prompt retransmission.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53711\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53711\nhttps://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53711-24c6@gregkh/T" ],
  "name" : "CVE-2023-53711",
  "mitigation" : {
    "value" : "To mitigate this issue, avoid using O_DIRECT for writes on NFS mounts until updates are applied. Alternatively, prevent the nfs module from being loaded if NFS is not required. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.",
    "lang" : "en:us"
  },
  "csaw" : false
}