{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52757", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.237Z", "datePublished": "2024-05-21T15:30:44.248Z", "dateUpdated": "2024-12-19T08:25:07.680Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:25:07.680Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(&server->mid_lock);\n spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(&server->mid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(&cifs_tcp_ses_lock) *deadlock*"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/cifsproto.h", "fs/smb/client/smb2misc.c", "fs/smb/client/transport.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b9bb9607b1fc12fca51f5632da25b36975f599bf", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c1a5962f1462b64fe7b69f20a4b6af8067bc2d26", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e6322fd177c6885a21dd4609dc5e5c973d1a2eb7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/cifsproto.h", "fs/smb/client/smb2misc.c", "fs/smb/client/transport.c"], "versions": [{"version": "6.1.64", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.13", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.3", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29"}, {"url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf"}, {"url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26"}, {"url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7"}], "title": "smb: client: fix potential deadlock when releasing mids", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.824Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52757", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:37:12.677779Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:56.199Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.824Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52757", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:37:12.677779Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.703Z"}}], "cna": {"title": "smb: client: fix potential deadlock when releasing mids", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b9bb9607b1fc12fca51f5632da25b36975f599bf", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c1a5962f1462b64fe7b69f20a4b6af8067bc2d26", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e6322fd177c6885a21dd4609dc5e5c973d1a2eb7", "versionType": "git"}], "programFiles": ["fs/smb/client/cifsproto.h", "fs/smb/client/smb2misc.c", "fs/smb/client/transport.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.64", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.13", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.3", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/smb/client/cifsproto.h", "fs/smb/client/smb2misc.c", "fs/smb/client/transport.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29"}, {"url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf"}, {"url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26"}, {"url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(&server->mid_lock);\n spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(&server->mid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(&cifs_tcp_ses_lock) *deadlock*"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:25:07.680Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52757", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:25:07.680Z", "dateReserved": "2024-05-21T15:19:24.237Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:30:44.248Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8093658-5835-493E-9047-EEC6269C0BB1", "versionEndExcluding": "6.1.64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4", "versionEndExcluding": "6.5.13", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0", "versionEndExcluding": "6.6.3", "versionStartIncluding": "6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(&server->mid_lock);\n spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(&server->mid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(&cifs_tcp_ses_lock) *deadlock*"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: client: corrige un posible punto muerto al liberar mids. Todos los llamadores de release_mid() parecen tener una referencia de @mid, por lo que no hay necesidad de llamar a kref_put(&mid->refcount, __release_mid ) en @servidor->mid_lock spinlock. Si no lo hacen, de todos modos se habr\u00eda producido un error de use after free. Al deshacerse de dicho bloqueo de giro, tambi\u00e9n se soluciona un posible punto muerto como se muestra a continuaci\u00f3n CPU 0 CPU 1 -------------------------------- ---------------------------------- cifs_demultiplex_thread() cifs_debug_data_proc_show() release_mid() spin_lock(&servidor->mid_lock) ; spin_lock(&cifs_tcp_ses_lock) spin_lock(&servidor->mid_lock) __release_mid() smb2_find_smb_tcon() spin_lock(&cifs_tcp_ses_lock) *punto muerto*"}], "id": "CVE-2023-52757", "lastModified": "2025-01-06T20:27:47.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T16:15:15.187", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: smb: client: fix potential deadlock when releasing mids", "id": "2282641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282641"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: fix potential deadlock when releasing mids\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. If they don't, then an use-after-free bug\nwould have occurred anyways.\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\nrelease_mid()\nspin_lock(&server->mid_lock);\nspin_lock(&cifs_tcp_ses_lock)\nspin_lock(&server->mid_lock)\n__release_mid()\nsmb2_find_smb_tcon()\nspin_lock(&cifs_tcp_ses_lock) *deadlock*"], "name": "CVE-2023-52757", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52757\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52757\nhttps://lore.kernel.org/linux-cve-announce/2024052146-CVE-2023-52757-5028@gregkh/T"], "threat_severity": "Moderate"}