CVE-2023-53131: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53131 is a vulnerability discovered in the Linux kernel's SUNRPC (Remote Procedure Call) server shutdown functionality. The vulnerability was disclosed on May 2, 2025, affecting various Linux kernel versions. The issue involves a race condition during server shutdown where kthread_stop() may prevent the threadfn from being executed, resulting in improper cleanup of system resources (NVD CVE, Wiz Report).

The vulnerability exists in the SUNRPC subsystem of the Linux kernel where a race condition occurs during server shutdown. When triggered, kthreadstop() may prevent the threadfn from being called, which results in improper cleanup of the svcrqst structure. The vulnerability has been assigned a CVSS v3.1 score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The primary impact of this vulnerability is a potential resource leak during server shutdown due to the incomplete cleanup of svc_rqst structures. This can lead to resource exhaustion over time, which may affect system stability and performance (Wiz Report).

The vulnerability has been patched in various Linux distributions. Debian has addressed this in multiple versions including bullseye (5.10.234-1), bookworm (6.1.135-1), and trixie (6.12.22-1). Ubuntu has implemented fixes for versions 20.04 (5.15.0-79.86) and 22.04 (5.15.0-1039.47). Red Hat has deferred fixes for Red Hat Enterprise Linux 9 (Debian Tracker, Ubuntu).