CVE-2023-54258NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.8MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential oops in cifs_oplock_break With deferred close we can have closes that race with lease breaks, and so with the current checks for whether to send the lease response, oplock_response(), this can mean that an unmount (kill_sb) can occur just before we were checking if the tcon->ses is valid. See below: [Fri Aug 4 04:12:50 2023] RIP: 0010:cifs_oplock_break+0x1f7/0x5b0 [cifs] [Fri Aug 4 04:12:50 2023] Code: 7d

Affected Packages4 packages

Linuxlinux/linux_kernel5.15.1215.15.128+2
Debianlinux/linux_kernel< 6.4.13-1+1
CVEListV5linux/linux63fb45ddc491895c4b36664e0c2c3b548545ae93b99f490ea87ebcca3a429fd8837067feb56a4c7c+7
debiandebian/linux< linux 6.4.13-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-jxrr-h72w-8m3v: In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential oops in cifs_oplock_break With deferred close we can have cl2025-12-30
OSV
CVE-2023-54258: In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential oops in cifs_oplock_break With deferred close we can have clos2025-12-30
OSV
cifs: fix potential oops in cifs_oplock_break2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: Kernel: Denial of Service in CIFS client due to race condition2025-12-30
Debian
CVE-2023-54258: linux - In the Linux kernel, the following vulnerability has been resolved: cifs: fix p...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54258 Impact, Exploitability, and Mitigation Steps | Wiz