CVE-2023-54258

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cifs: fix potential oops in cifs_oplock_break<br /> <br /> With deferred close we can have closes that race with lease breaks,<br /> and so with the current checks for whether to send the lease response,<br /> oplock_response(), this can mean that an unmount (kill_sb) can occur<br /> just before we were checking if the tcon-&gt;ses is valid. See below:<br /> <br /> [Fri Aug 4 04:12:50 2023] RIP: 0010:cifs_oplock_break+0x1f7/0x5b0 [cifs]<br /> [Fri Aug 4 04:12:50 2023] Code: 7d a8 48 8b 7d c0 c0 e9 02 48 89 45 b8 41 89 cf e8 3e f5 ff ff 4c 89 f7 41 83 e7 01 e8 82 b3 03 f2 49 8b 45 50 48 85 c0 74 5e 83 78 60 00 74 57 45 84 ff 75 52 48 8b 43 98 48 83 eb 68 48 39<br /> [Fri Aug 4 04:12:50 2023] RSP: 0018:ffffb30607ddbdf8 EFLAGS: 00010206<br /> [Fri Aug 4 04:12:50 2023] RAX: 632d223d32612022 RBX: ffff97136944b1e0 RCX: 0000000080100009<br /> [Fri Aug 4 04:12:50 2023] RDX: 0000000000000001 RSI: 0000000080100009 RDI: ffff97136944b188<br /> [Fri Aug 4 04:12:50 2023] RBP: ffffb30607ddbe58 R08: 0000000000000001 R09: ffffffffc08e0900<br /> [Fri Aug 4 04:12:50 2023] R10: 0000000000000001 R11: 000000000000000f R12: ffff97136944b138<br /> [Fri Aug 4 04:12:50 2023] R13: ffff97149147c000 R14: ffff97136944b188 R15: 0000000000000000<br /> [Fri Aug 4 04:12:50 2023] FS: 0000000000000000(0000) GS:ffff9714f7c00000(0000) knlGS:0000000000000000<br /> [Fri Aug 4 04:12:50 2023] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [Fri Aug 4 04:12:50 2023] CR2: 00007fd8de9c7590 CR3: 000000011228e000 CR4: 0000000000350ef0<br /> [Fri Aug 4 04:12:50 2023] Call Trace:<br /> [Fri Aug 4 04:12:50 2023] <br /> [Fri Aug 4 04:12:50 2023] process_one_work+0x225/0x3d0<br /> [Fri Aug 4 04:12:50 2023] worker_thread+0x4d/0x3e0<br /> [Fri Aug 4 04:12:50 2023] ? process_one_work+0x3d0/0x3d0<br /> [Fri Aug 4 04:12:50 2023] kthread+0x12a/0x150<br /> [Fri Aug 4 04:12:50 2023] ? set_kthread_struct+0x50/0x50<br /> [Fri Aug 4 04:12:50 2023] ret_from_fork+0x22/0x30<br /> [Fri Aug 4 04:12:50 2023] <br /> <br /> To fix this change the ordering of the checks before sending the oplock_response<br /> to first check if the openFileList is empty.