VMware Photon OS: CVE-2023-52752

Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 05/21/2024
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

Skip SMB sessions that are being torn down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses.

This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting:

    [  816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI
    ...
    [  816.260138] Call Trace:
    [  816.260329]  <TASK>
    [  816.260499]  ? die_addr+0x36/0x90
    [  816.260762]  ? exc_general_protection+0x1b3/0x410
    [  816.261126]  ? asm_exc_general_protection+0x26/0x30
    [  816.261502]  ? cifs_debug_tcon+0xbd/0x240 [cifs]
    [  816.261878]  ? cifs_debug_tcon+0xab/0x240 [cifs]
    [  816.262249]  cifs_debug_data_proc_show+0x516/0xdb0 [cifs]
    [  816.262689]  ? seq_read_iter+0x379/0x470
    [  816.262995]  seq_read_iter+0x118/0x470
    [  816.263291]  proc_reg_read_iter+0x53/0x90
    [  816.263596]  ? srso_alias_return_thunk+0x5/0x7f
    [  816.263945]  vfs_read+0x201/0x350
    [  816.264211]  ksys_read+0x75/0x100
    [  816.264472]  do_syscall_64+0x3f/0x90
    [  816.264750]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
    [  816.265135] RIP: 0033:0x7fd5e669d381
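A log-triage sketch for the oops quoted above, added here as an example and not part of the advisory or the kernel fix: it flags general protection faults whose reliable call-trace frames include cifs_debug_data_proc_show() and notes when the faulting address carries the 0x6b freed-object poison pattern, which is only written when slab poisoning is enabled. The names triage and looks_like_slab_poison and the second log are constructed for illustration.

```python
import re

# Abridged from the oops quoted in the description above.
CVE_OOPS = """\
[  816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI
[  816.260138] Call Trace:
[  816.260329]  <TASK>
[  816.260499]  ? die_addr+0x36/0x90
[  816.261502]  ? cifs_debug_tcon+0xbd/0x240 [cifs]
[  816.262249]  cifs_debug_data_proc_show+0x516/0xdb0 [cifs]
[  816.262995]  seq_read_iter+0x118/0x470
[  816.263945]  vfs_read+0x201/0x350
"""
# Constructed, unrelated oops used as a negative case.
OTHER_OOPS = """\
[   12.000001] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] SMP
[   12.000002] Call Trace:
[   12.000003]  example_driver_read+0x10/0x40 [example]
"""

GPF_RE = re.compile(r"general protection fault.*?address (0x[0-9a-f]{16})")
FRAME_RE = re.compile(r"\]\s+(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TARGET = "cifs_debug_data_proc_show"  # function named in the advisory


def looks_like_slab_poison(addr: int) -> bool:
    """True when the upper six bytes are 0x6b (POISON_FREE plus a small offset)."""
    return addr >> 16 == 0x6B6B6B6B6B6B


def triage(log: str) -> list[dict]:
    """Return one finding per general protection fault found in a kernel log."""
    findings = []
    for line in log.splitlines():
        gpf = GPF_RE.search(line)
        if gpf:
            addr = int(gpf.group(1), 16)
            findings.append({"address": hex(addr),
                             "freed_memory": looks_like_slab_poison(addr),
                             "frames": []})
            continue
        frame = FRAME_RE.search(line)
        # Frames prefixed with "?" are unreliable stack leftovers; skip them.
        if frame and findings and not frame.group(1):
            findings[-1]["frames"].append(frame.group(2))
    for f in findings:
        f["matches_cve"] = TARGET in f["frames"]
    return findings
```

On kernels without slab poisoning the faulting address will differ, so matches_cve (the call-trace check) is the primary signal and freed_memory is supporting evidence only.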

Solution(s)

  • vmware-photon_os_update_tdnf

References

  • https://attackerkb.com/topics/cve-2023-52752
  • CVE - 2023-52752