Login Sign Up

CVE-2023-1652

7.1 HIGH
Denial of Service

📋 TL;DR

A use-after-free vulnerability in the NFS server implementation in the Linux kernel allows a local attacker to crash the system or potentially leak kernel memory. This affects systems running vulnerable Linux kernel versions with NFS server functionality enabled. Attackers need local access to exploit this flaw.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions vary by distribution; generally Linux kernel versions before fixes in May 2023.
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if NFS server (nfsd) is running. Many systems don't run NFS server by default.

📦 What is this software?

Enterprise Linux by Redhat

View all CVEs affecting Enterprise Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, or kernel memory disclosure that could aid further exploitation.

🟠

Likely Case

System crash or instability requiring reboot, causing temporary service disruption.

🟢

If Mitigated

Minimal impact if proper access controls prevent local attacker access to NFS server functionality.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers on affected systems could cause denial of service or information disclosure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. No public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel fixes available in distributions' security updates (e.g., RHEL, Ubuntu, Debian security advisories)

Vendor Advisory: https://access.redhat.com/security/cve/cve-2023-1652

Restart Required: Yes

Instructions:

1. Check your distribution's security advisory. 2. Update kernel package via package manager. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable NFS Server

linux

Stop and disable nfs-server service if not required

sudo systemctl stop nfs-server
sudo systemctl disable nfs-server

🧯 If You Can't Patch

  • Restrict local user access to systems running NFS server
  • Implement strict access controls and monitoring for NFS server systems

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if nfs-server is running: 'uname -r' and 'systemctl status nfs-server'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update and ensure nfs-server is stopped or updated kernel is running

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash/reboot events
  • NFS server error messages

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for kernel panic events or unexpected system reboots on NFS server systems

📊 Metadata

CVE ID: CVE-2023-1652
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-416
Published: March 29, 2023
Last Updated: February 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-1652, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)