Bug 2242172 (CVE-2023-5345)
| Summary: | CVE-2023-5345 kernel: use-after-free vulnerability in the smb client component | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, allarkin, bhu, chwhite, cye, dbohanno, debarbos, dfreiber, dvlasenk, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jpoimboe, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, mcascell, nmurray, ptalbert, rogbas, rparrazo, rrobaina, rvrbovsk, scweaver, tglozar, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 6.6-rc4 | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in the SMB client component in the Linux kernel. In case of an error in smb3_fs_context_parse_param, `ctx->password` was freed, but the field was not set to NULL, potentially leading to a use-after-free vulnerability. This flaw allows a local user to crash or potentially escalate their privileges on the system. | Story Points: | --- |
| Bug Depends On: | 2242280 | ||
| Bug Blocks: | 2242170 | ||
|
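The pattern named in the Doc Text, as an added userspace C model (not kernel code and not the upstream patch): an error path frees `ctx->password` without clearing the field, so a later free of the same field hits stale memory and the field can end up pointing at another owner's data. Every name except `ctx->password` is hypothetical, the later cleanup call is an assumption, and the `fixed` flag switches on the reset to NULL.

```c
#include <stdio.h>
#include <string.h>
/* Constructed userspace model: fs_ctx and every helper here are hypothetical. */
struct fs_ctx { char *password; };
static char pool[4][32];   /* static arena, so a stale pointer stays safe to inspect */
static int in_use[4], stale_frees, last_aliased;

static char *pool_dup(const char *s) {
    for (int i = 0; i < 4; i++)
        if (!in_use[i]) {
            in_use[i] = 1;
            return strncpy(pool[i], s, sizeof pool[i] - 1);
        }
    return NULL;
}

static void pool_free(char *p) {
    if (!p) return;                      /* freeing NULL is a no-op, as with kfree() */
    int i = (int)((p - pool[0]) / (long)sizeof pool[0]);
    if (in_use[i]) in_use[i] = 0; else stale_frees++;   /* second free of a dead slot */
}

/* Option parser whose error path releases the password. */
static int parse_param(struct fs_ctx *ctx, const char *key, const char *val, int fixed) {
    if (strcmp(key, "password") == 0) {
        pool_free(ctx->password);
        ctx->password = pool_dup(val);
        return ctx->password ? 0 : -1;
    }
    pool_free(ctx->password);            /* error path: free the secret ... */
    if (fixed) ctx->password = NULL;     /* ... and clear the field (the missing step) */
    return -1;
}

/* Returns stale frees seen at cleanup; last_aliased is 1 if the field names foreign data. */
int run_scenario(int fixed) {
    struct fs_ctx ctx = { NULL };
    memset(in_use, 0, sizeof in_use);
    stale_frees = 0;
    parse_param(&ctx, "password", "constructed-secret", fixed);
    parse_param(&ctx, "bogus", "x", fixed);                    /* takes the error path */
    pool_free(ctx.password);                                   /* assumed later cleanup */
    last_aliased = (ctx.password == pool_dup("other-owner"));  /* freed slot is reused */
    return stale_frees;
}

int main(void) {
    int s0 = run_scenario(0), a0 = last_aliased, s1 = run_scenario(1);
    return printf("unfixed: stale=%d alias=%d | fixed: stale=%d alias=%d\n", s0, a0, s1, last_aliased) < 0;
}
```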
Description
Patrick Del Bello
2023-10-04 17:59:03 UTC
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2242280]

A use-after-free vulnerability in the Linux kernel's SMB client component, potentially allowing privilege escalation.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:7734 https://access.redhat.com/errata/RHSA-2023:7734

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:7749 https://access.redhat.com/errata/RHSA-2023:7749