CVE-2023-54280 — Expired Pointer Dereference in Linux

CWE-825 — Expired Pointer Dereference7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 93.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tree_connect_dfs_target(). Also, while at it, update status of IPC tcon on success and then avoid any extra tree connects.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.16.0 — 6.2.15+1

▶Debianlinux/linux_kernel< 6.3.7-1+1

▶CVEListV5linux/linuxc88f7dcd6d6429197fc2fd87b54a894ffcd48e8e — 536ec71ba060a02fabe8e22cecb82fe7b3a8708b+4

▶debiandebian/linux< linux 6.3.7-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-2c5w-8p3h-w8f6: In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_I↗2025-12-30

▶

OSV

CVE-2023-54280: In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Inf↗2025-12-30

▶

OSV

cifs: fix potential race when tree connecting ipc↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: cifs: fix potential race when tree connecting ipc↗2025-12-30

▶

Debian

CVE-2023-54280: linux - In the Linux kernel, the following vulnerability has been resolved: cifs: fix p...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54280 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶