CVE-2023-54280 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tree_connect_dfs_target(). Also, while at it, update status of IPC tcon on success and then avoid any extra tree connects.

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2026-01-05 | Assigner Linux

Product status

Default status

unaffected

c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e (git) before 536ec71ba060a02fabe8e22cecb82fe7b3a8708b

affected

c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e (git) before 553476df55a111e6a66ad9155256aec0ec1b7ad0

affected

c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e (git) before ee20d7c6100752eaf2409d783f4f1449c29ea33d

affected

81d583baa5f1abd73c755ce1992929debd20b687 (git)

affected

Default status

affected

5.16

affected

Any version before 5.16

unaffected

6.2.15 (semver)

unaffected

6.3.2 (semver)

unaffected

6.4 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/536ec71ba060a02fabe8e22cecb82fe7b3a8708b

git.kernel.org/...c/553476df55a111e6a66ad9155256aec0ec1b7ad0

git.kernel.org/...c/ee20d7c6100752eaf2409d783f4f1449c29ea33d

cve.org (CVE-2023-54280)

nvd.nist.gov (CVE-2023-54280)

Download JSON

help @ threatint.eu