CVE-2023-52480
- Source
- https://cve.org/CVERecord?id=CVE-2023-52480
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52480.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-52480
- Downstream
- Published
- 2024-02-29T05:43:12.019Z
- Modified
- 2026-04-11T12:46:31.445861Z
- Summary
- ksmbd: fix race condition between session lookup and expire
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix race condition between session lookup and expire
Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase(&conn->sessions, sess->id); | | ksmbdsessiondestroy(sess) --> kfree(sess) | // UAF! | sess->last_active = jiffies | +
This patch add rwsem to fix race condition between ksmbdsessionlookup and ksmbdexpiresession.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52480.json" }- References
-
- https://git.kernel.org/stable/c/18ced78b0ebccc2d16f426143dc56ab3aad666be
- https://git.kernel.org/stable/c/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f
- https://git.kernel.org/stable/c/a2ca5fd3dbcc665e1169044fa0c9e3eba779202b
- https://git.kernel.org/stable/c/c77fd3e25a51ac92b0f1b347a96eff6a0b4f066f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52480.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-52480
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixedc77fd3e25a51ac92b0f1b347a96eff6a0b4f066fFixeda2ca5fd3dbcc665e1169044fa0c9e3eba779202bFixed18ced78b0ebccc2d16f426143dc56ab3aad666beFixed53ff5cf89142b978b1a5ca8dc4d4425e6a09745f