CVE-2023-53794

Summary

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix session state check in reconnect to avoid use-after-free issue

Don't collect exiting session in smb2_reconnect_server(), because it will be released soon.

Note that the exiting session will stay in server->smb_ses_list until it complete the cifs_free_ipc() and logoff() and then delete itself from the list.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4fcd1813e6404dd4420c7d12fb483f9320f0bf93 < 7e4f5c3f01fb0e51ca438e43262d858daf9a0a76affected
LinuxLinux4fcd1813e6404dd4420c7d12fb483f9320f0bf93 < 759ffc164d95a32c09528766d74d9b4fb054e8f4affected
LinuxLinux4fcd1813e6404dd4420c7d12fb483f9320f0bf93 < 99f280700b4cc02d5f141b8d15f8e9fad0418f65affected
LinuxLinux655e0c067f0e02ece03fd0591dabe3db2ae27552affected
LinuxLinux875cc09c0767a4ac06b57af383709657f98b3ea1affected
LinuxLinux599fe1409085059ba12a2c3897c853be9fa9e7cfaffected
LinuxLinux2e4378ee60049b752c9dce16f62ce6fbd11b379aaffected
LinuxLinux59b520454b323ec43b2ae757217332cea33091e0affected
LinuxLinuxe20c888e2b3576e5f498c167729d274ef60b86f8affected
LinuxLinux4ce7aa4e44d88ce64ea8ae2337b8910f3670b0baaffected
LinuxLinux419fad68e4c4135ff9859e9214dd6cf954413ca1affected
LinuxLinux3.10.103 < 3.11affected
LinuxLinux3.12.63 < 3.13affected
LinuxLinux3.14.74 < 3.15affected
LinuxLinux3.16.37 < 3.17affected
LinuxLinux3.18.37 < 3.19affected
LinuxLinux4.1.28 < 4.2affected
LinuxLinux4.4.16 < 4.5affected
LinuxLinux4.6.5 < 4.7affected
LinuxLinux4.7affected
LinuxLinux0 < 4.7unaffected
LinuxLinux6.1.47 <= 6.1.*unaffected
LinuxLinux6.4.12 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References