CVE-2023-53377

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-53377

Import Source

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-53377

Downstream

Related

Published

2025-09-18T13:33:23.162Z

Modified

2026-03-20T12:33:07.795865Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

cifs: prevent use-after-free by freeing the cfile later

Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: prevent use-after-free by freeing the cfile later

In smb2compoundop we have a possible use-after-free which can cause hard to debug problems later on.

This was revealed during stress testing with KASAN enabled kernel. Fixing it by moving the cfile free call to a few lines below, after the usage.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53377.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

76894f3e2f71177747b8b4763fb180e800279585

Fixed

4fe07d55a5461e66a55fbefb57f85ff0facea32b

Fixed

b6353518ef8180816e863aa23b06456f395404d6

Fixed

d017880782cf71f8820ee4a2002843893176501d

Fixed

33f736187d08f6bc822117629f263b97d3df4165

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2d046892a493d9760c35fdaefc3017f27f91b621

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53377.json"