CVE-2023-52480

2024-02-2900:00:00

ubuntu.com

linux

kernel

vulnerability

race condition

ksmbd

session lookup

expire thread

uaf

rwsem

unix

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: ksmbd:
fix race condition between session lookup and expire Thread A + Thread B
ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | |
xa_erase(&conn->sessions, sess->id); | | ksmbd_session_destroy(sess) –>
kfree(sess) | // UAF! | sess->last_active = jiffies | + This patch add
rwsem to fix race condition between ksmbd_session_lookup and
ksmbd_expire_session.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchlinux< 6.5.0-17.17UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1013.13UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-gcp< 6.5.0-1013.13UNKNOWN
ubuntu22.04noarchlinux-gcp-6.5< 6.5.0-1013.13~22.04.1UNKNOWN
ubuntu22.04noarchlinux-hwe-6.5< 6.5.0-17.17~22.04.1UNKNOWN
ubuntu23.10noarchlinux-laptop< 6.5.0-1009.12UNKNOWN
ubuntu23.10noarchlinux-lowlatency< 6.5.0-17.17.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	linux	< 6.5.0-17.17	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1013.13	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-gcp	< 6.5.0-1013.13	UNKNOWN
ubuntu	22.04	noarch	linux-gcp-6.5	< 6.5.0-1013.13~22.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-hwe-6.5	< 6.5.0-17.17~22.04.1	UNKNOWN
ubuntu	23.10	noarch	linux-laptop	< 6.5.0-1009.12	UNKNOWN
ubuntu	23.10	noarch	linux-lowlatency	< 6.5.0-17.17.1	UNKNOWN