A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.
In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.
We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
08 Feb 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Oct 2023, 17:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/ - Mailing List | |
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
10 Oct 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 20:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:* |
|
CWE | CWE-416 | |
First Time |
Linux
Linux linux Kernel |
|
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705 - Mailing List, Patch | |
References | (MISC) https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705 - Mailing List, Patch |
03 Oct 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-03 03:15
Updated : 2024-02-08 16:15
NVD link : CVE-2023-5345
Mitre link : CVE-2023-5345
CVE.ORG link : CVE-2023-5345
JSON object : View
Products Affected
fedoraproject
- fedora
linux
- linux_kernel
CWE
CWE-416
Use After Free