CVE-2023-53794 — Use After Free in Linux

CWE-416 — Use After Free6 documents5 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 90.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2_reconnect_server(), because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until it complete the cifs_free_ipc() and logoff() and then delete itself from the list.

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.7.0 — 6.1.47+1

▶Debianlinux/linux_kernel< 6.1.52-1+2

▶CVEListV5linux/linux4fcd1813e6404dd4420c7d12fb483f9320f0bf93 — 7e4f5c3f01fb0e51ca438e43262d858daf9a0a76+11

▶debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

OSV

cifs: fix session state check in reconnect to avoid use-after-free issue↗2025-12-09

▶

OSV

CVE-2023-53794: In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't col↗2025-12-09

▶

GHSA

GHSA-x47f-6fjp-7wj4: In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't c↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: cifs: fix session state check in reconnect to avoid use-after-free issue↗2025-12-09

▶

Debian

CVE-2023-53794: linux - In the Linux kernel, the following vulnerability has been resolved: cifs: fix s...↗2023

▶