First published: Tue Oct 03 2023(Updated: )
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <6.6 | 6.6 |
Linux Kernel | >=6.0.16<6.1.56 | |
Linux Kernel | >=6.2<6.5.6 | |
Linux Kernel | =6.6-rc1 | |
Linux Kernel | =6.6-rc2 | |
Linux Kernel | =6.6-rc3 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
Linux Kernel | <6.6 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 | |
IBM InfoSphere Guardium z/OS | <=12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-5345 is high, with a CVSS score of 7.8.
The use-after-free vulnerability can be exploited to achieve local privilege escalation.
CVE-2023-5345 can lead to local privilege escalation.
Linux kernel versions 6.6, 6.6-rc1, 6.6-rc2, and 6.6-rc3 are affected by CVE-2023-5345.
We recommend upgrading to a patched version of the Linux kernel to fix CVE-2023-5345.