CVE-2023-52480

Published: Feb 29, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | | xa_erase(&conn->sessions, sess->id); | | ksmbd_session_destroy(sess) --> kfree(sess) | // UAF! | sess->last_active = jiffies | + This patch add rwsem to fix race condition between ksmbd_session_lookup and ksmbd_expire_session.

Vendor	Product	Versions
Linux	Linux	affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < c77fd3e25a51ac92b0f1b347a96eff6a0b4f066f` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < a2ca5fd3dbcc665e1169044fa0c9e3eba779202b` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 18ced78b0ebccc2d16f426143dc56ab3aad666be` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 53ff5cf89142b978b1a5ca8dc4d4425e6a09745f`
Linux	Linux	affected `5.15` unaffected `0 - < 5.15` unaffected `5.15.145 - <= 5.15.` unaffected `6.1.57 - <= 6.1.` unaffected `6.5.7 - <= 6.5.*` +1 more versions

References

https://git.kernel.org/stable/c/c77fd3e25a51ac92b0f1b347a96eff6a0b4f066f

https://git.kernel.org/stable/c/a2ca5fd3dbcc665e1169044fa0c9e3eba779202b

https://git.kernel.org/stable/c/18ced78b0ebccc2d16f426143dc56ab3aad666be

https://git.kernel.org/stable/c/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52480

Description

Affected Products

References