Bug 2242172 (CVE-2023-5345) - CVE-2023-5345 kernel: use-after-free vulnerability in the smb client component
Summary: CVE-2023-5345 kernel: use-after-free vulnerability in the smb client component
Keywords:
Status: NEW
Alias: CVE-2023-5345
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2242280
Blocks: 2242170
TreeView+ depends on / blocked
 
Reported: 2023-10-04 17:59 UTC by Patrick Del Bello
Modified: 2024-04-26 19:22 UTC (History)
47 users (show)

Fixed In Version: kernel 6.6-rc4
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the SMB client component in the Linux kernel. In case of an error in smb3_fs_context_parse_param, `ctx->password` was freed, but the field was not set to NULL, potentially leading to a use-after-free vulnerability. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:7734 0 None None None 2023-12-12 10:54:43 UTC
Red Hat Product Errata RHSA-2023:7749 0 None None None 2023-12-12 17:22:25 UTC

Description Patrick Del Bello 2023-10-04 17:59:03 UTC 
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.
In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.
We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705
https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
Comment 5 Mauro Matteo Cascella 2023-10-05 10:17:19 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2242280]
Comment 12 Ricky 2023-11-04 10:16:59 UTC Comment hidden (spam)
Comment 16 errata-xmlrpc 2023-12-12 10:54:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7734 https://access.redhat.com/errata/RHSA-2023:7734
Comment 17 errata-xmlrpc 2023-12-12 17:22:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7749 https://access.redhat.com/errata/RHSA-2023:7749
Comment 19 https://bugzilla.redhat.com/token.cgi?t=EHHR24Xeyi&a=request_new_account 2024-04-26 19:22:13 UTC 
The https://mycenturahealth.click/ patient portal is a convenient tool to help you manage your health online. Once you’ve registered, you can view your past medical history, check current lab results, and pay your medical bills online. You can also order and request prescriptions, get your immunizations, and receive reminders about upcoming appointments and tests.
Note You need to log in before you can comment on or make changes to this bug.