CVE-2023-53377
HIGH
Linux Kernel 6.0.16-6.1.39 - Use-After-Free in SMB2 Compound Operation
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

cifs: prevent use-after-free by freeing the cfile later

In smb2_compound_op we have a possible use-after-free which can cause hard to debug problems later on. This was revealed during stress testing with KASAN enabled kernel. Fixing it by moving the cfile free call to a few lines below, after the usage.
References (4)
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
3.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (13)
Linux/Linux
< 6.1
Linux/Linux
2d046892a493d9760c35fdaefc3017f27f91b621
Linux/Linux
6.0.16 - 6.1
Linux/Linux
6.1
Linux/Linux
6.1.39 - 6.1.*
Linux/Linux
6.3.13 - 6.3.*
Linux/Linux
6.4.4 - 6.4.*
Linux/Linux
6.5
Linux/Linux
76894f3e2f71177747b8b4763fb180e800279585 - 33f736187d08f6bc822117629f263b97d3df4165
Linux/Linux
76894f3e2f71177747b8b4763fb180e800279585 - 4fe07d55a5461e66a55fbefb57f85ff0facea32b
... and 3 more
Published
Sep 18, 2025
Tracked Since
Feb 18, 2026