Bug 2405779 (CVE-2023-53711)

Summary: CVE-2023-53711 kernel: NFS: Fix a potential data corruption
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A logic error was found in the Linux kernel's NFS client implementation in the write request retransmission handling for O_DIRECT operations. A local user performing direct I/O writes over NFS can trigger this issue when the server completes writes synchronously and network conditions require retransmission, causing subrequests to not be properly rejoined to the head request before retransmit. This results in data corruption where written data may not be correctly persisted to the server.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-10-22 14:06:44 UTC 
In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix a potential data corruption

We must ensure that the subrequests are joined back into the head before
we can retransmit a request. If the head was not on the commit lists,
because the server wrote it synchronously, we still need to add it back
to the retransmission list.
Add a call that mirrors the effect of nfs_cancel_remove_inode() for
O_DIRECT.
Comment 1 Jon Moroney 2025-10-22 15:56:05 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53711-24c6@gregkh/T