CVE-2023-53008

Summary

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix potential memory leaks in session setup

Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd3686d54c7902a303bd65d751226aa1647319863 < 893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9baffected
LinuxLinuxd3686d54c7902a303bd65d751226aa1647319863 < 2fe58d977ee05da5bb89ef5dc4f5bf2dc15db46faffected
LinuxLinux2.6.37affected
LinuxLinux0 < 2.6.37unaffected
LinuxLinux6.1.9 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References