CVE-2023-53597

EPSS 0.02%
Veröffentlicht 04.10.2025 15:44:09
Zuletzt bearbeitet 06.10.2025 14:56:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix mid leak during reconnection after timeout threshold

When the number of responses with status of STATUS_IO_TIMEOUT
exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect
the connection. But we do not return the mid, or the credits
returned for the mid, or reduce the number of in-flight requests.

This bug could result in the server->in_flight count to go bad,
and also cause a leak in the mids.

This change moves the check to a few lines below where the
response is decrypted, even of the response is read from the
transform header. This way, the code for returning the mids
can be reused.

Also, the cifs_reconnect was reconnecting just the transport
connection before. In case of multi-channel, this may not be
what we want to do after several timeouts. Changed that to
reconnect the session and the tree too.

Also renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name
MAX_STATUS_IO_TIMEOUT.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < df31d05f0678cdd0796ea19983a2b93edca18bb0

Version 8e670f77c4a55013db6d23b962f9bf6673a5e7b6

Status affected

Version < c55901d381a22300c9922170e59704059f50977b

Version 8e670f77c4a55013db6d23b962f9bf6673a5e7b6

Status affected

Version < 57d25e9905c71133e201f6d06b56a3403d4ad433

Version 8e670f77c4a55013db6d23b962f9bf6673a5e7b6

Status affected

Version < 69cba9d3c1284e0838ae408830a02c4a063104bc

Version 8e670f77c4a55013db6d23b962f9bf6673a5e7b6

Status affected

Version fa6d7a5853f93efb088aba36af12cb1944156411

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.10

Status affected

Version < 5.10

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.150

Status unaffected

Version <= 6.1.*

Version 6.1.42

Status unaffected

Version <= 6.4.*

Version 6.4.7

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/df31d05f0678cdd0796ea19983a2b93edca18bb0

https://git.kernel.org/stable/c/c55901d381a22300c9922170e59704059f50977b

https://git.kernel.org/stable/c/57d25e9905c71133e201f6d06b56a3403d4ad433

https://git.kernel.org/stable/c/69cba9d3c1284e0838ae408830a02c4a063104bc

https://nvd.nist.gov/vuln/detail/CVE-2023-53597

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53597

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53597

EUVD