Lucene search

PRIOn knowledge basePRION:CVE-2023-5345

HistoryOct 03, 2023 - 3:15 a.m.

Double free

2023-10-0303:15:00

PRIOn knowledge base

www.prio-n.com

linux kernel

use-after-free

vulnerability

smb/client

local privilege escalation

upgrade

nvd

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A use-after-free vulnerability in the Linux kernel’s fs/smb/client component can be exploited to achieve local privilege escalation.

In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.

We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.

CPENameOperatorVersion
fedoraeq37
fedoraeq38
fedoraeq39
linux_kerneleq6.6 rc1
linux_kerneleq6.6 rc2
linux_kernellt6.6
linux_kerneleq6.6 rc3

Name	Operator	Version
fedora	eq	37
fedora	eq	38
fedora	eq	39
linux_kernel	eq	6.6 rc1
linux_kernel	eq	6.6 rc2
linux_kernel	lt	6.6
linux_kernel	eq	6.6 rc3

References

packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705

kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705

lists.fedoraproject.org/archives/list/[email protected]/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/

lists.fedoraproject.org/archives/list/[email protected]/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/

lists.fedoraproject.org/archives/list/[email protected]/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/