In the Linux kernel, the following vulnerability has been resolved: ksmbd:
fix race condition between session lookup and expire Thread A + Thread B
ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | |
xa_erase(&conn->sessions, sess->id); | | ksmbd_session_destroy(sess) –>
kfree(sess) | // UAF! | sess->last_active = jiffies | + This patch add
rwsem to fix race condition between ksmbd_session_lookup and
ksmbd_expire_session.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 23.10 | noarch | linux | < 6.5.0-17.17 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1013.13 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-gcp | < 6.5.0-1013.13 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < 6.5.0-1013.13~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-hwe-6.5 | < 6.5.0-17.17~22.04.1 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-laptop | < 6.5.0-1009.12 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-lowlatency | < 6.5.0-17.17.1 | UNKNOWN |
git.kernel.org/linus/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f (6.6-rc5)
launchpad.net/bugs/cve/CVE-2023-52480
nvd.nist.gov/vuln/detail/CVE-2023-52480
security-tracker.debian.org/tracker/CVE-2023-52480
ubuntu.com/security/notices/USN-6725-1
ubuntu.com/security/notices/USN-6725-2
www.cve.org/CVERecord?id=CVE-2023-52480