CVE-2023-53597
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 04/10/2025
Last modified: 06/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

cifs: fix mid leak during reconnection after timeout threshold

When the number of responses with status of STATUS_IO_TIMEOUT
exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect
the connection. But we do not return the mid, or the credits
returned for the mid, or reduce the number of in-flight requests.

This bug could result in the server->in_flight count to go bad,
and also cause a leak in the mids.

This change moves the check to a few lines below where the
response is decrypted, even if the response is read from the
transform header. This way, the code for returning the mids
can be reused.

Also, the cifs_reconnect was reconnecting just the transport
connection before. In case of multi-channel, this may not be
what we want to do after several timeouts. Changed that to
reconnect the session and the tree too.

Also renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name
MAX_STATUS_IO_TIMEOUT.



