Home

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tree_connect_dfs_target(). Also, while at it, update status of IPC tcon on success and then avoid any extra tree connects.

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2025-12-30 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 536ec71ba060a02fabe8e22cecb82fe7b3a8708b
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 553476df55a111e6a66ad9155256aec0ec1b7ad0
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before ee20d7c6100752eaf2409d783f4f1449c29ea33d
affected

Default status
affected

6.2.15 (semver)
unaffected

6.3.2 (semver)
unaffected

6.4 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/536ec71ba060a02fabe8e22cecb82fe7b3a8708b

git.kernel.org/...c/553476df55a111e6a66ad9155256aec0ec1b7ad0

git.kernel.org/...c/ee20d7c6100752eaf2409d783f4f1449c29ea33d

cve.org (CVE-2023-54280)

nvd.nist.gov (CVE-2023-54280)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.