CVE-2023-53246

Source
https://cve.org/CVERecord?id=CVE-2023-53246
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53246.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53246
Published
2025-09-15T14:46:15.977Z
Modified
2026-03-20T12:33:02.874929Z
Summary
cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL

When compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount is NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to S_AUTOMOUNT and corresponding dentry flags is retained regardless of CONFIG_CIFS_DFS_UPCALL, leading to a NULL pointer dereference in VFS follow_automount() when traversing a DFS referral link:

  BUG: kernel NULL pointer dereference, address: 0000000000000000
  ...
  Call Trace:
   <TASK>
   __traverse_mounts+0xb5/0x220
   ? cifs_revalidate_mapping+0x65/0xc0 [cifs]
   step_into+0x195/0x610
   ? lookup_fast+0xe2/0xf0
   path_lookupat+0x64/0x140
   filename_lookup+0xc2/0x140
   ? __create_object+0x299/0x380
   ? kmem_cache_alloc+0x119/0x220
   ? user_path_at_empty+0x31/0x50
   user_path_at_empty+0x31/0x50
   __x64_sys_chdir+0x2a/0xd0
   ? exit_to_user_mode_prepare+0xca/0x100
   do_syscall_64+0x42/0x90
   entry_SYSCALL_64_after_hwframe+0x72/0xdc

This fix adds an inline cifs_dfs_d_automount() {return -EREMOTE} handler when CONFIG_CIFS_DFS_UPCALL is disabled. An alternative would be to avoid flagging S_AUTOMOUNT, etc. without CONFIG_CIFS_DFS_UPCALL. This approach was chosen as it provides more control over the error path.
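
The failure and the fix described above, modelled in userspace C as an added example (it is not the kernel patch and not code from this record). The `model_*`, `ops_*`, `stub_automount` and `MODEL_AUTOMOUNT` names are hypothetical stand-ins, and `-EFAULT` stands in for the oops so the unfixed case can be observed without crashing.

```c
/* Userspace model, not kernel code. Every identifier here except the errno
 * values is a hypothetical stand-in for the cifs/VFS pieces named above. */
#include <errno.h>
#include <stddef.h>
#define MODEL_AUTOMOUNT 0x1 /* stands in for the automount dentry flag */

struct model_dentry;
struct model_dentry_ops {
    int (*d_automount)(struct model_dentry *); /* NULL if not built in */
};
struct model_dentry {
    unsigned int flags;
    const struct model_dentry_ops *ops;
};

/* The fix: with DFS upcall support disabled, supply a stub that fails cleanly. */
static int stub_automount(struct model_dentry *d) { (void)d; return -EREMOTE; }

static const struct model_dentry_ops ops_before_fix = { .d_automount = NULL };
static const struct model_dentry_ops ops_after_fix = { .d_automount = stub_automount };

/* The referral-to-flag mapping runs whether or not a handler exists. */
static void mark_dfs_referral(struct model_dentry *d, const struct model_dentry_ops *ops)
{
    d->flags |= MODEL_AUTOMOUNT;
    d->ops = ops;
}

/* True when traversal would call through a NULL handler (the oops case). */
static int traversal_would_oops(const struct model_dentry *d)
{
    return (d->flags & MODEL_AUTOMOUNT) && d->ops->d_automount == NULL;
}

/* Traversal step: flagged dentries get their handler invoked. Where the
 * kernel faults, the model returns -EFAULT so the case can be observed. */
static int model_traverse(struct model_dentry *d)
{
    if (!(d->flags & MODEL_AUTOMOUNT))
        return 0;
    if (traversal_would_oops(d))
        return -EFAULT;
    return d->ops->d_automount(d);
}

int main(void)
{
    struct model_dentry d = { 0, NULL };
    mark_dfs_referral(&d, &ops_after_fix);
    return model_traverse(&d) == -EREMOTE ? 0 : 1;
}
```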

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53246.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
25e195aa1e607f129ab912d29fcfc79239703307
Fixed
26a32a212bc540f4773cd6af8cf73e967d72569c
Fixed
b64305185b76f1d5145ce594ff48f3f0e70695bd
Fixed
b7d854c33ab48e55fc233699bbefe39ec9bb5c05
Fixed
1e144b68208e98fd4602c842a7149ba5f41d87fb
Fixed
179a88a8558bbf42991d361595281f3e45d7edfc

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53246.json"