CVE-2023-53008

MEDIUM

Linux Kernel < 6.1.9 - Use-After-Free in CIFS Session Setup

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b

Patch

https://git.kernel.org/stable/c/2fe58d977ee05da5bb89ef5dc4f5bf2dc15db46f

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (8)

Linux/Linux < 2.6.37

Linux/Linux 2.6.37

Linux/Linux 6.1.9 - 6.1.*

Linux/Linux 6.2

Linux/Linux d3686d54c7902a303bd65d751226aa1647319863 - 2fe58d977ee05da5bb89ef5dc4f5bf2dc15db46f

Linux/Linux d3686d54c7902a303bd65d751226aa1647319863 - 893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b

linux/linux_kernel 6.2 rc1 (3 CPE variants)

linux/linux_kernel < 6.1.9

Published Mar 27, 2025

Tracked Since Feb 18, 2026