CVE-2023-54258

EPSS 0.03%
Veröffentlicht 30.12.2025 12:15:52
Zuletzt bearbeitet 31.12.2025 20:42:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix potential oops in cifs_oplock_break

With deferred close we can have closes that race with lease breaks,
and so with the current checks for whether to send the lease response,
oplock_response(), this can mean that an unmount (kill_sb) can occur
just before we were checking if the tcon->ses is valid.  See below:

[Fri Aug  4 04:12:50 2023] RIP: 0010:cifs_oplock_break+0x1f7/0x5b0 [cifs]
[Fri Aug  4 04:12:50 2023] Code: 7d a8 48 8b 7d c0 c0 e9 02 48 89 45 b8 41 89 cf e8 3e f5 ff ff 4c 89 f7 41 83 e7 01 e8 82 b3 03 f2 49 8b 45 50 48 85 c0 74 5e <48> 83 78 60 00 74 57 45 84 ff 75 52 48 8b 43 98 48 83 eb 68 48 39
[Fri Aug  4 04:12:50 2023] RSP: 0018:ffffb30607ddbdf8 EFLAGS: 00010206
[Fri Aug  4 04:12:50 2023] RAX: 632d223d32612022 RBX: ffff97136944b1e0 RCX: 0000000080100009
[Fri Aug  4 04:12:50 2023] RDX: 0000000000000001 RSI: 0000000080100009 RDI: ffff97136944b188
[Fri Aug  4 04:12:50 2023] RBP: ffffb30607ddbe58 R08: 0000000000000001 R09: ffffffffc08e0900
[Fri Aug  4 04:12:50 2023] R10: 0000000000000001 R11: 000000000000000f R12: ffff97136944b138
[Fri Aug  4 04:12:50 2023] R13: ffff97149147c000 R14: ffff97136944b188 R15: 0000000000000000
[Fri Aug  4 04:12:50 2023] FS:  0000000000000000(0000) GS:ffff9714f7c00000(0000) knlGS:0000000000000000
[Fri Aug  4 04:12:50 2023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Fri Aug  4 04:12:50 2023] CR2: 00007fd8de9c7590 CR3: 000000011228e000 CR4: 0000000000350ef0
[Fri Aug  4 04:12:50 2023] Call Trace:
[Fri Aug  4 04:12:50 2023]  <TASK>
[Fri Aug  4 04:12:50 2023]  process_one_work+0x225/0x3d0
[Fri Aug  4 04:12:50 2023]  worker_thread+0x4d/0x3e0
[Fri Aug  4 04:12:50 2023]  ? process_one_work+0x3d0/0x3d0
[Fri Aug  4 04:12:50 2023]  kthread+0x12a/0x150
[Fri Aug  4 04:12:50 2023]  ? set_kthread_struct+0x50/0x50
[Fri Aug  4 04:12:50 2023]  ret_from_fork+0x22/0x30
[Fri Aug  4 04:12:50 2023]  </TASK>

To fix this change the ordering of the checks before sending the oplock_response
to first check if the openFileList is empty.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < b99f490ea87ebcca3a429fd8837067feb56a4c7c

Version 63fb45ddc491895c4b36664e0c2c3b548545ae93

Status affected

Version < 5ee28bcfbaacf289eb25c662a2862542ea6ce6a7

Version 1bf709b9625001eefdd41048c5f4c7544ee33394

Status affected

Version < 6b67a6d2e50634fe127e656147c81915955e9f5e

Version 3b4c15171c3ce9120c81f5564b9367d8d0f4219c

Status affected

Version < e8f5f849ffce24490eb9449e98312b66c0dba76f

Version da787d5b74983f7525d1eb4b9c0b4aff2821511a

Status affected

Version cff7fb969edaeff2bc80c8a8f7cf7b0c8df32da7

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 5.15.128

Version 5.15.121

Status affected

Version < 6.1.47

Version 6.1.39

Status affected

Version < 6.4.12

Version 6.4.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/b99f490ea87ebcca3a429fd8837067feb56a4c7c

https://git.kernel.org/stable/c/5ee28bcfbaacf289eb25c662a2862542ea6ce6a7

https://git.kernel.org/stable/c/6b67a6d2e50634fe127e656147c81915955e9f5e

https://git.kernel.org/stable/c/e8f5f849ffce24490eb9449e98312b66c0dba76f

https://nvd.nist.gov/vuln/detail/CVE-2023-54258

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54258

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54258

EUVD