CVE-2023-53377

HIGH

Linux kernel - Use After Free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent use-after-free by freeing the cfile later In smb2_compound_op we have a possible use-after-free which can cause hard to debug problems later on. This was revealed during stress testing with KASAN enabled kernel. Fixing it by moving the cfile free call to a few lines below, after the usage.

References (4)

[Patch] https://git.kernel.org/stable/c/33f736187d08f6bc822117629f263b97d3df4165

[Patch] https://git.kernel.org/stable/c/4fe07d55a5461e66a55fbefb57f85ff0facea32b

[Patch] https://git.kernel.org/stable/c/b6353518ef8180816e863aa23b06456f395404d6

[Patch] https://git.kernel.org/stable/c/d017880782cf71f8820ee4a2002843893176501d

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-416

Status published

Affected Products (1)

linux/linux_kernel < 6.1.39

Timeline

Published Sep 18, 2025

Tracked Since Feb 18, 2026