Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2023-52752: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

SUSE: CVE-2023-52752: SUSE Linux Security Advisory

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/21/2024

Created

07/10/2024

Added

07/10/2024

Modified

07/11/2024

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] <TASK> [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381

Solution(s)

suse-upgrade-cluster-md-kmp-azure
suse-upgrade-cluster-md-kmp-rt
suse-upgrade-dlm-kmp-azure
suse-upgrade-dlm-kmp-rt
suse-upgrade-gfs2-kmp-azure
suse-upgrade-gfs2-kmp-rt
suse-upgrade-kernel-64kb
suse-upgrade-kernel-64kb-devel
suse-upgrade-kernel-azure
suse-upgrade-kernel-azure-base
suse-upgrade-kernel-azure-devel
suse-upgrade-kernel-azure-extra
suse-upgrade-kernel-azure-livepatch-devel
suse-upgrade-kernel-azure-optional
suse-upgrade-kernel-azure-vdso
suse-upgrade-kernel-default
suse-upgrade-kernel-default-base
suse-upgrade-kernel-default-devel
suse-upgrade-kernel-devel
suse-upgrade-kernel-devel-azure
suse-upgrade-kernel-devel-rt
suse-upgrade-kernel-docs
suse-upgrade-kernel-macros
suse-upgrade-kernel-obs-build
suse-upgrade-kernel-preempt
suse-upgrade-kernel-preempt-devel
suse-upgrade-kernel-rt
suse-upgrade-kernel-rt-devel
suse-upgrade-kernel-rt-extra
suse-upgrade-kernel-rt-livepatch
suse-upgrade-kernel-rt-livepatch-devel
suse-upgrade-kernel-rt-optional
suse-upgrade-kernel-rt-vdso
suse-upgrade-kernel-rt_debug
suse-upgrade-kernel-rt_debug-devel
suse-upgrade-kernel-rt_debug-livepatch-devel
suse-upgrade-kernel-rt_debug-vdso
suse-upgrade-kernel-source
suse-upgrade-kernel-source-azure
suse-upgrade-kernel-source-rt
suse-upgrade-kernel-syms
suse-upgrade-kernel-syms-azure
suse-upgrade-kernel-syms-rt
suse-upgrade-kernel-zfcpdump
suse-upgrade-kselftests-kmp-azure
suse-upgrade-kselftests-kmp-rt
suse-upgrade-ocfs2-kmp-azure
suse-upgrade-ocfs2-kmp-rt
suse-upgrade-reiserfs-kmp-azure
suse-upgrade-reiserfs-kmp-default
suse-upgrade-reiserfs-kmp-rt

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2023-52752: SUSE Linux Security Advisory

SUSE: CVE-2023-52752: SUSE Linux Security Advisory

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.