| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122433-CVE-2023-54076-e317@gregkh> Date: Wed, 24 Dec 2025 13:27:09 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54076: smb: client: fix missed ses refcounting From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifs_smb_ses_inc_refcount() helper to get an active reference of @ses and @ses->dfs_root_ses (if set). This will prevent @ses->dfs_root_ses of being put in the next call to cifs_put_smb_ses() and thus potentially causing an use-after-free bug. The Linux kernel CVE team has assigned CVE-2023-54076 to this issue. Affected and fixed versions =========================== Issue introduced in 6.4 with commit 8e3554150d6c80a84b3cb046615d1a0e943811dc and fixed in 6.4.7 with commit eb382196e6f6e05cfafdab797840e5a96c6e7bf0 Issue introduced in 6.4 with commit 8e3554150d6c80a84b3cb046615d1a0e943811dc and fixed in 6.5 with commit bf99f6be2d20146942bce6f9e90a0ceef12cbc1e Issue introduced in 6.2.15 with commit f30d226bcc9f0e2d97b4a6e94c43a28148fbeab6 Issue introduced in 6.3.2 with commit c082c3be0f96e759ff2e361d929832fda0b93851 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54076 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/smb/client/dfs.c fs/smb/client/smb2transport.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/eb382196e6f6e05cfafdab797840e5a96c6e7bf0 https://git.kernel.org/stable/c/bf99f6be2d20146942bce6f9e90a0ceef12cbc1e
Powered by blists - more mailing lists