CVE-2023-53358

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix racy issue under cocurrent smb2 tree disconnect

There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurrent access.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < b36295c17fb97424406f0c3ab321b1ccaabb9be8affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < bd80d35725a0cf4df9307bfe2f1a3b2cb983d8e6affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < dc1c17716c099c90948ebb83e2170dd75a3be6b6affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 39366b47a59d46af15ac57beb0996268bf911f6aaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 30210947a343b6b3ca13adc9bfc88e1543e16dd5affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.145 <= 5.15.*unaffected
LinuxLinux6.1.28 <= 6.1.*unaffected
LinuxLinux6.2.15 <= 6.2.*unaffected
LinuxLinux6.3.2 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References