CVE-2023-54076 — Improper Update of Reference Count in Linux

CWE-911 — Improper Update of Reference Count7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 92.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifs_smb_ses_inc_refcount() helper to get an active reference of @ses and @ses->dfs_root_ses (if set). This will prevent @ses->dfs_root_ses of being put in the next call to cifs_put_smb_ses() and thus potentially causing an use-after-free bug.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.4.0 — 6.4.7

▶Debianlinux/linux_kernel< 6.4.11-1+1

▶CVEListV5linux/linux8e3554150d6c80a84b3cb046615d1a0e943811dc — eb382196e6f6e05cfafdab797840e5a96c6e7bf0+4

▶debiandebian/linux< linux 6.4.11-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-fm2q-hj9m-hx9r: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifs_smb_ses_inc_refcount() help↗2025-12-24

▶

OSV

smb: client: fix missed ses refcounting↗2025-12-24

▶

OSV

CVE-2023-54076: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifs_smb_ses_inc_refcount() helper↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: smb: client: fix missed ses refcounting↗2025-12-24

▶

Debian

CVE-2023-54076: linux - In the Linux kernel, the following vulnerability has been resolved: smb: client...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54076 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶