CVE-2023-54280
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix potential race when tree connecting ipc
Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tree_connect_dfs_target(). Also, while at it, update status of IPC tcon on success and then avoid any extra tree connects.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e < 536ec71ba060a02fabe8e22cecb82fe7b3a8708b | affected |
| Linux | Linux | c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e < 553476df55a111e6a66ad9155256aec0ec1b7ad0 | affected |
| Linux | Linux | c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e < ee20d7c6100752eaf2409d783f4f1449c29ea33d | affected |
| Linux | Linux | 81d583baa5f1abd73c755ce1992929debd20b687 | affected |
| Linux | Linux | 5.15.81 < 5.16 | affected |
| Linux | Linux | 5.16 | affected |
| Linux | Linux | 0 < 5.16 | unaffected |
| Linux | Linux | 6.2.15 <= 6.2.* | unaffected |
| Linux | Linux | 6.3.2 <= 6.3.* | unaffected |
| Linux | Linux | 6.4 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/536ec71ba060a02fabe8e22cecb82fe7b3a8708b
- https://git.kernel.org/stable/c/553476df55a111e6a66ad9155256aec0ec1b7ad0
- https://git.kernel.org/stable/c/ee20d7c6100752eaf2409d783f4f1449c29ea33d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.