7
CVE-2023-53358
- EPSS 0.16%
- Veröffentlicht 17.09.2025 14:56:48
- Zuletzt bearbeitet 14.01.2026 19:16:32
- CVE-Watchlists
- Unerledigt
ksmbd: fix racy issue under cocurrent smb2 tree disconnect
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurrent access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 5.15.145
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.28
Linux ≫ Linux Kernel Version >= 6.2 < 6.2.15
Linux ≫ Linux Kernel Version >= 6.3 < 6.3.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.059 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/b36295c17fb97424406f0c3ab321b1ccaabb9be8
https://git.kernel.org/stable/c/bd80d35725a0cf4df9307bfe2f1a3b2cb983d8e6
https://git.kernel.org/stable/c/dc1c17716c099c90948ebb83e2170dd75a3be6b6
https://git.kernel.org/stable/c/39366b47a59d46af15ac57beb0996268bf911f6a
https://git.kernel.org/stable/c/30210947a343b6b3ca13adc9bfc88e1543e16dd5