CVE-2023-52480

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix race condition between session lookup and expire

Thread A + Thread B ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | | xa_erase(&conn->sessions, sess->id); | | ksmbd_session_destroy(sess) –> kfree(sess) | // UAF! | sess->last_active = jiffies | +

This patch add rwsem to fix race condition between ksmbd_session_lookup and ksmbd_expire_session.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < c77fd3e25a51ac92b0f1b347a96eff6a0b4f066faffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < a2ca5fd3dbcc665e1169044fa0c9e3eba779202baffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 18ced78b0ebccc2d16f426143dc56ab3aad666beaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 53ff5cf89142b978b1a5ca8dc4d4425e6a09745faffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.145 <= 5.15.*unaffected
LinuxLinux6.1.57 <= 6.1.*unaffected
LinuxLinux6.5.7 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References