Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-52752

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
21/05/2024
Last modified:
25/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb: client: fix use-after-free bug in cifs_debug_data_proc_show()<br /> <br /> Skip SMB sessions that are being teared down<br /> (e.g. @ses-&gt;ses_status == SES_EXITING) in cifs_debug_data_proc_show()<br /> to avoid use-after-free in @ses.<br /> <br /> This fixes the following GPF when reading from /proc/fs/cifs/DebugData<br /> while mounting and umounting<br /> <br /> [ 816.251274] general protection fault, probably for non-canonical<br /> address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI<br /> ...<br /> [ 816.260138] Call Trace:<br /> [ 816.260329] <br /> [ 816.260499] ? die_addr+0x36/0x90<br /> [ 816.260762] ? exc_general_protection+0x1b3/0x410<br /> [ 816.261126] ? asm_exc_general_protection+0x26/0x30<br /> [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs]<br /> [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs]<br /> [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs]<br /> [ 816.262689] ? seq_read_iter+0x379/0x470<br /> [ 816.262995] seq_read_iter+0x118/0x470<br /> [ 816.263291] proc_reg_read_iter+0x53/0x90<br /> [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f<br /> [ 816.263945] vfs_read+0x201/0x350<br /> [ 816.264211] ksys_read+0x75/0x100<br /> [ 816.264472] do_syscall_64+0x3f/0x90<br /> [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8<br /> [ 816.265135] RIP: 0033:0x7fd5e669d381

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.80
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10.237 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.181 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.5.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6 (including) 6.6.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools