CVE-2023-52572Use After Free in Linux

CWE-416Use After Free24 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1
EPSS
0.0%
top 98.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedMar 2
Latest updateAug 5

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45 ... Call Trace: dump_stack_lvl+0x34/0x44 print_report+0x171/0x472 kasan_report+0xad/0x130 kasan_check_range+0x145/0x1a0 smb2_is_network_name_deleted+0x27/0x160 cif

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel2.6.165.4.297+5
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.15.0-144.157
CVEListV5linux/linuxec637e3ffb6b978143652477c7c5f96c9519b691fe87e2d0e6265859c659a3ef1e2559a83c5e8e68+6
debiandebian/linux< linux 6.1.64-1 (bookworm)

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

11
OSV
linux-raspi vulnerabilities2025-08-05
OSV
linux-xilinx-zynqmp vulnerabilities2025-07-29
OSV
linux-kvm vulnerabilities2025-07-22
OSV
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvi2025-07-18
OSV
linux-intel-iot-realtime, linux-realtime vulnerabilities2025-07-18

📋Vendor Advisories

12
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-08-05
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2025-07-29
Ubuntu
Linux kernel (KVM) vulnerabilities2025-07-22
Ubuntu
Linux kernel (FIPS) vulnerabilities2025-07-18
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2025-07-18