CVE-2023-53606

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's NFS server (nfsd) COPY functionality could allow resource exhaustion attacks. When kthread creation fails during asynchronous file copy operations, the kernel fails to properly release file reference counts, leading to potential memory leaks. This affects systems running vulnerable Linux kernel versions with NFS server enabled.
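The error-path leak described above, as a simplified userspace model. This is an added example, not the kernel's nfsd code or the upstream patch; the names file_ref, copy_op and start_worker, and the source/destination pair of references, are assumptions made for illustration.

```c
/* Userspace model of an error-path reference leak; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct file_ref { int count; };              /* stand-in for a refcounted file */
struct copy_op  { struct file_ref *src, *dst; };

static void ref_get(struct file_ref *f) { f->count++; }
static void ref_put(struct file_ref *f) { f->count--; }

/* Stand-in for worker-thread creation; 'ok' selects success or failure. */
static bool start_worker(struct copy_op *op, bool ok) { (void)op; return ok; }
/* On success the worker owns the references and drops them when it finishes. */
static void worker_done(struct copy_op *op) { ref_put(op->src); ref_put(op->dst); }

/* Leaky shape: a failed worker start returns with both references held. */
static int async_copy_leaky(struct file_ref *src, struct file_ref *dst, bool ok)
{
    struct copy_op op = { src, dst };
    ref_get(src); ref_get(dst);
    if (!start_worker(&op, ok))
        return -1;                           /* src and dst are never put */
    worker_done(&op);
    return 0;
}

/* Corrected shape: the failure path releases what was taken. */
static int async_copy_fixed(struct file_ref *src, struct file_ref *dst, bool ok)
{
    struct copy_op op = { src, dst };
    ref_get(src); ref_get(dst);
    if (!start_worker(&op, ok)) {
        ref_put(op.src); ref_put(op.dst);
        return -1;
    }
    worker_done(&op);
    return 0;
}

/* Issue n requests whose worker start fails; return references still held. */
static int leaked_after(int (*fn)(struct file_ref *, struct file_ref *, bool), int n)
{
    struct file_ref src = {0}, dst = {0};
    for (int i = 0; i < n; i++) fn(&src, &dst, false);
    return src.count + dst.count;
}

int main(void)
{
    printf("leaky: %d held\n", leaked_after(async_copy_leaky, 100));
    printf("fixed: %d held\n", leaked_after(async_copy_fixed, 100));
    return 0;
}
```

In the model each failed start leaves two references held, so the count grows linearly with failures, which is why the monitoring advice on this page focuses on gradual kernel memory growth.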

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE description; check kernel commit history for affected releases.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when NFS server (nfsd) is enabled and COPY functionality is used. Not all Linux distributions enable NFS server by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic.

🟠 Likely Case

Memory leaks gradually consuming kernel resources, potentially leading to performance degradation or service disruption over time.

🟢 If Mitigated

Minimal impact with proper monitoring and resource limits in place.

🌐 Internet-Facing: MEDIUM - NFS servers exposed to untrusted networks could be targeted for DoS attacks.
🏢 Internal Only: LOW - Requires NFS server access and specific COPY operations to trigger.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires NFS server access and ability to trigger COPY operations. Memory leak is triggered by specific error condition (kthread creation failure).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 6ba434cb1a8d403ea9aad1b667c3ea3ad8b3191f, 75b8c681c563ef7e85da6862354efc18d2a08b1b, 8f565846fbe8182961498d4cbe618b15076a683b, b3169b6ffe036b549c296a9e71591d29a1fb3209, fd63299db8090307eae66f2aef17c8f00aafa0a9

Vendor Advisory: https://git.kernel.org/stable/c/6ba434cb1a8d403ea9aad1b667c3ea3ad8b3191f

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable NFS server

linux

If NFS server functionality is not required, disable it to eliminate attack surface.

systemctl stop nfs-server
systemctl disable nfs-server

Restrict NFS access

linux

Limit NFS server access to trusted networks and clients only.

Edit /etc/exports to restrict access
Use firewall rules to limit NFS port access

🧯 If You Can't Patch

  • Monitor kernel memory usage and system logs for signs of memory exhaustion
  • Implement rate limiting on NFS COPY operations to reduce attack surface

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if NFS server is running: systemctl status nfs-server && uname -r

Check Version:

uname -r

Verify Fix Applied:

Run uname -r after the update, then check the kernel changelog to confirm that the running kernel version contains the fix commits.

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages in /var/log/kern.log or dmesg
  • Increased memory usage by kernel processes
  • NFS server error logs related to COPY operations

Network Indicators:

  • Unusual NFS COPY request patterns
  • Multiple failed NFS operations from single sources

SIEM Query:

(source="kernel" AND ("out of memory" OR "OOM")) OR (source="nfsd" AND "COPY")
