CVE-2023-52752 — Use After Free in Linux
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.0%
top 96.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 21
Latest updateOct 25
Description
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
Skip SMB sessions that are being teared down
(e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show()
to avoid use-after-free in @ses.
This fixes the following GPF when reading from /proc/fs/cifs/DebugData
while mounting and umounting
[ 816.251274] general protection fault, probably for non-canonical
address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages7 packages
▶CVEListV5linux/linux7f48558e6489d032b1584b0cc9ac4bb11072c034 — 2abdf136784b7edaec7ffe0f4b461b63f9c4c4de+7
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
15📋Vendor Advisories
16📄Research Papers
1💬Community
1Bugzilla▶
CVE-2023-52752 kernel: smb: client: fix use-after-free bug in cifs_debug_data_proc_show()↗2024-05-22