Bugzilla – Bug 1215899
VUL-0: CVE-2023-5345: kernel: use-after-free in fs/smb/client
Last modified: 2024-06-25 17:57:59 UTC
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5345
Tracking as affected: - SLE15-SP4 - SLE15-SP5 - SLE15-SP6 - stable Fixing commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705
Reassigning to a concrete person to ensure progress [1] (feel free to pass to the next one), see also the process at [2]. Hi Paulo / Enzo, Could you please take a look at this issue? The upstream fix e6e43b8aa7cd3c3af686caf0c2e11819a886d705 is from v6.6-rc4. [1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel [2] https://wiki.suse.net/index.php/SUSE-Labs/Kernel/Security
Thanks Chester! I'll handle it.
Backported the fix to affected SLES kernels. Reassign to security team to close it.
SUSE-SU-2023:4058-1: An update that solves 18 vulnerabilities, contains three features and has 71 security fixes can now be installed. Category: security (important) Bug References: 1065729, 1152472, 1187236, 1201284, 1202845, 1206453, 1208995, 1210169, 1210643, 1210658, 1212639, 1212703, 1213123, 1213534, 1213808, 1214022, 1214037, 1214040, 1214233, 1214351, 1214479, 1214543, 1214635, 1214813, 1214873, 1214928, 1214940, 1214941, 1214942, 1214943, 1214944, 1214945, 1214946, 1214947, 1214948, 1214949, 1214950, 1214951, 1214952, 1214953, 1214954, 1214955, 1214957, 1214958, 1214959, 1214961, 1214962, 1214963, 1214964, 1214965, 1214966, 1214967, 1214986, 1214988, 1214990, 1214991, 1214992, 1214993, 1214995, 1214997, 1214998, 1215115, 1215117, 1215123, 1215124, 1215148, 1215150, 1215221, 1215275, 1215322, 1215467, 1215523, 1215581, 1215752, 1215858, 1215860, 1215861, 1215875, 1215877, 1215894, 1215895, 1215896, 1215899, 1215911, 1215915, 1215916, 1215941, 1215956, 1215957 CVE References: CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-40283, CVE-2023-4155, CVE-2023-42753, CVE-2023-42754, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5345 Jira References: PED-1549, PED-2023, PED-2025 Sources used: openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.20.1, kernel-syms-azure-5.14.21-150500.33.20.1 Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.20.1, kernel-syms-azure-5.14.21-150500.33.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing