CVE-2023-52752 smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

2024-05-2115:30:40

Linux

github.com

linux kernel

smb client

vulnerability

AI Score

Confidence

Low

EPSS

Percentile

5.1%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

Skip SMB sessions that are being teared down
(e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show()
to avoid use-after-free in @ses.

This fixes the following GPF when reading from /proc/fs/cifs/DebugData
while mounting and umounting

[ 816.251274] general protection fault, probably for non-canonical
address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI
…
[ 816.260138] Call Trace:
[ 816.260329] <TASK>
[ 816.260499] ? die_addr+0x36/0x90
[ 816.260762] ? exc_general_protection+0x1b3/0x410
[ 816.261126] ? asm_exc_general_protection+0x26/0x30
[ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs]
[ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs]
[ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs]
[ 816.262689] ? seq_read_iter+0x379/0x470
[ 816.262995] seq_read_iter+0x118/0x470
[ 816.263291] proc_reg_read_iter+0x53/0x90
[ 816.263596] ? srso_alias_return_thunk+0x5/0x7f
[ 816.263945] vfs_read+0x201/0x350
[ 816.264211] ksys_read+0x75/0x100
[ 816.264472] do_syscall_64+0x3f/0x90
[ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 816.265135] RIP: 0033:0x7fd5e669d381

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.7"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.6.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "1da177e4c3f4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.1.64"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.5.13"
      }
    ],
    "defaultStatus": "unknown"
  }
]