CVE-2023-54280

Published: Dec 30, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tree_connect_dfs_target(). Also, while at it, update status of IPC tcon on success and then avoid any extra tree connects.

Vendor	Product	Versions
Linux	Linux	affected `c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e - < 536ec71ba060a02fabe8e22cecb82fe7b3a8708b` affected `c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e - < 553476df55a111e6a66ad9155256aec0ec1b7ad0` affected `c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e - < ee20d7c6100752eaf2409d783f4f1449c29ea33d` affected `81d583baa5f1abd73c755ce1992929debd20b687` affected `5.15.81 - < 5.16`
Linux	Linux	affected `5.16` unaffected `0 - < 5.16` unaffected `6.2.15 - <= 6.2.` unaffected `6.3.2 - <= 6.3.` unaffected `6.4 - <= *`

References

https://git.kernel.org/stable/c/536ec71ba060a02fabe8e22cecb82fe7b3a8708b

https://git.kernel.org/stable/c/553476df55a111e6a66ad9155256aec0ec1b7ad0

https://git.kernel.org/stable/c/ee20d7c6100752eaf2409d783f4f1449c29ea33d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-54280

Description

Affected Products

References