[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-52751":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":50,"related":51,"reserved_at":9,"published_at":60,"modified_at":61,"state":62,"summary":63,"references_raw":72,"kevs":87,"epss":88,"epss_history":91,"metrics":345,"affected":351},"CVE-2023-52751","In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in smb2_query_info_compound()\n\nThe following UAF was triggered when running fstests generic/072 with\nKASAN enabled against Windows Server 2022 and mount options\n'multichannel,max_channels=2,vers=3.1.1,mfsymlinks,noperm'\n\n  BUG: KASAN: slab-use-after-free in smb2_query_info_compound+0x423/0x6d0 [cifs]\n  Read of size 8 at addr ffff888014941048 by task xfs_io/27534\n\n  CPU: 0 PID: 27534 Comm: xfs_io Not tainted 6.6.0-rc7 #1\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n  rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Call Trace:\n   dump_stack_lvl+0x4a/0x80\n   print_report+0xcf/0x650\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __phys_addr+0x46/0x90\n   kasan_report+0xda/0x110\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? __pfx_smb2_query_info_compound+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __stack_depot_save+0x39/0x480\n   ? kasan_save_stack+0x33/0x60\n   ? kasan_set_track+0x25/0x30\n   ? ____kasan_slab_free+0x126/0x170\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   ? __pfx_smb2_queryfs+0x10/0x10 [cifs]\n   ? __pfx___lock_acquire+0x10/0x10\n   smb311_queryfs+0x210/0x220 [cifs]\n   ? __pfx_smb311_queryfs+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __lock_acquire+0x480/0x26c0\n   ? lock_release+0x1ed/0x640\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? do_raw_spin_unlock+0x9b/0x100\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   ? __pfx___do_sys_fstatfs+0x10/0x10\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? lockdep_hardirqs_on_prepare+0x136/0x200\n   ? srso_alias_return_thunk+0x5/0x7f\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Allocated by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   __kasan_kmalloc+0x8f/0xa0\n   open_cached_dir+0x71b/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   smb311_queryfs+0x210/0x220 [cifs]\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Freed by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   kasan_save_free_info+0x2b/0x50\n   ____kasan_slab_free+0x126/0x170\n   slab_free_freelist_hook+0xd0/0x1e0\n   __kmem_cache_free+0x9d/0x1b0\n   open_cached_dir+0xff5/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n\nThis is a race between open_cached_dir() and cached_dir_lease_break()\nwhere the cache entry for the open directory handle receives a lease\nbreak while creating it.  And before returning from open_cached_dir(),\nwe put the last reference of the new @cfid because of\n!@cfid->has_lease.\n\nBesides the UAF, while running xfstests a lot of missed lease breaks\nhave been noticed in tests that run several concurrent statfs(2) calls\non those cached fids\n\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 00000000715bfe83 len 108\n  CIFS: VFS: Dump pending requests:\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 000000005aa7316e len 108\n  ...\n\nTo fix both, in open_cached_dir() ensure that @cfid->has_lease is set\nright before sending out compounded request so that any potential\nlease break will be get processed by demultiplex thread while we're\nstill caching @cfid.  And, if open failed for some reason, re-check\n@cfid->has_lease to decide whether or not put lease reference.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48],{"_key":25},"SUSE-SU-2024:2802-1",{"_key":27},"SUSE-SU-2024:2894-1",{"_key":29},"SUSE-SU-2024:2896-1",{"_key":31},"SUSE-SU-2024:2939-1",{"_key":33},"SUSE-SU-2024:2947-1",{"_key":35},"SUSE-SU-2024:2973-1",{"_key":37},"SUSE-SU-2025:20008-1",{"_key":39},"SUSE-SU-2025:20028-1",{"_key":41},"DEBIAN-CVE-2023-52751",{"_key":43},"RHSA-2024:9315",{"_key":45},"UBUNTU-CVE-2023-52751",{"_key":47},"USN-7123-1",{"_key":49},"USN-7194-1",[],[52,53,54,55,56,57,58,59],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},"2024-05-21T15:30:40.226Z","2026-05-11T19:32:29.874Z","Analyzed",{"cisa_kev":64,"cisa_ransomware":64,"cisa_vendor":9,"epss_severity":65,"epss_score":66,"severity":67,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":62},false,"low",0.0002,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[73,79,83],{"url":74,"sources":75,"tags":77},"https://git.kernel.org/stable/c/6db94d08359c43f2c8fe372811cdee04564a41b9",[76,70],"cve.org",[78],"Patch",{"url":80,"sources":81,"tags":82},"https://git.kernel.org/stable/c/93877b9afc2994c89362007aac480a7b150f386f",[76,70],[78],{"url":84,"sources":85,"tags":86},"https://git.kernel.org/stable/c/5c86919455c1edec99ebd3338ad213b59271a71b",[76,70],[78],[],{"date":89,"score":66,"percentile":90},"2026-06-03",0.05835,[92,96,99,102,105,108,111,114,117,120,123,126,129,132,135,139,142,145,148,151,154,157,160,163,166,169,172,175,178,181,184,187,190,193,195,198,201,205,207,210,213,215,218,221,224,226,229,232,235,238,240,243,246,249,252,255,258,260,262,265,267,269,272,275,278,281,284,287,290,292,294,296,299,302,305,308,310,313,316,319,321,324,326,328,330,332,334,337,339,342],{"date":93,"score":94,"percentile":95},"2025-11-04",0.00014,0.01654,{"date":97,"score":94,"percentile":98},"2025-11-05",0.01681,{"date":100,"score":94,"percentile":101},"2025-11-06",0.01698,{"date":103,"score":94,"percentile":104},"2025-11-07",0.01701,{"date":106,"score":94,"percentile":107},"2025-11-08",0.01704,{"date":109,"score":94,"percentile":110},"2025-11-09",0.01705,{"date":112,"score":94,"percentile":113},"2025-11-10",0.01689,{"date":115,"score":94,"percentile":116},"2025-11-11",0.01699,{"date":118,"score":94,"percentile":119},"2025-11-12",0.0171,{"date":121,"score":94,"percentile":122},"2025-11-13",0.01724,{"date":124,"score":94,"percentile":125},"2025-11-14",0.01728,{"date":127,"score":94,"percentile":128},"2025-11-15",0.01748,{"date":130,"score":94,"percentile":131},"2025-11-16",0.01753,{"date":133,"score":94,"percentile":134},"2025-11-17",0.01738,{"date":136,"score":137,"percentile":138},"2025-11-18",0.00072,0.18098,{"date":140,"score":137,"percentile":141},"2025-11-19",0.18116,{"date":143,"score":137,"percentile":144},"2025-11-20",0.18091,{"date":146,"score":94,"percentile":147},"2025-11-21",0.01801,{"date":149,"score":94,"percentile":150},"2025-11-22",0.01798,{"date":152,"score":94,"percentile":153},"2025-11-23",0.01793,{"date":155,"score":94,"percentile":156},"2025-11-24",0.01783,{"date":158,"score":94,"percentile":159},"2025-11-25",0.01778,{"date":161,"score":94,"percentile":162},"2025-11-26",0.01736,{"date":164,"score":94,"percentile":165},"2025-11-27",0.01737,{"date":167,"score":94,"percentile":168},"2025-11-28",0.01734,{"date":170,"score":94,"percentile":171},"2025-11-29",0.01781,{"date":173,"score":94,"percentile":174},"2025-11-30",0.01789,{"date":176,"score":94,"percentile":177},"2025-12-01",0.01815,{"date":179,"score":94,"percentile":180},"2025-12-02",0.01814,{"date":182,"score":94,"percentile":183},"2025-12-03",0.01819,{"date":185,"score":94,"percentile":186},"2025-12-04",0.01791,{"date":188,"score":94,"percentile":189},"2025-12-05",0.01806,{"date":191,"score":94,"percentile":192},"2025-12-06",0.01812,{"date":194,"score":94,"percentile":189},"2025-12-07",{"date":196,"score":94,"percentile":197},"2025-12-08",0.01808,{"date":199,"score":94,"percentile":200},"2025-12-09",0.01825,{"date":202,"score":203,"percentile":204},"2025-12-10",0.00015,0.02307,{"date":206,"score":203,"percentile":204},"2025-12-11",{"date":208,"score":203,"percentile":209},"2025-12-12",0.02317,{"date":211,"score":203,"percentile":212},"2025-12-13",0.023,{"date":214,"score":203,"percentile":204},"2025-12-14",{"date":216,"score":203,"percentile":217},"2025-12-15",0.02297,{"date":219,"score":203,"percentile":220},"2025-12-16",0.02288,{"date":222,"score":203,"percentile":223},"2025-12-17",0.02305,{"date":225,"score":203,"percentile":204},"2025-12-18",{"date":227,"score":203,"percentile":228},"2025-12-19",0.02312,{"date":230,"score":203,"percentile":231},"2025-12-20",0.02315,{"date":233,"score":203,"percentile":234},"2025-12-21",0.02324,{"date":236,"score":203,"percentile":237},"2025-12-22",0.02321,{"date":239,"score":203,"percentile":234},"2025-12-23",{"date":241,"score":203,"percentile":242},"2025-12-24",0.02337,{"date":244,"score":203,"percentile":245},"2025-12-25",0.02343,{"date":247,"score":203,"percentile":248},"2025-12-26",0.02346,{"date":250,"score":203,"percentile":251},"2025-12-27",0.02329,{"date":253,"score":203,"percentile":254},"2025-12-28",0.02345,{"date":256,"score":203,"percentile":257},"2025-12-29",0.02334,{"date":259,"score":203,"percentile":251},"2025-12-30",{"date":261,"score":203,"percentile":209},"2025-12-31",{"date":263,"score":203,"percentile":264},"2026-01-01",0.02372,{"date":266,"score":203,"percentile":264},"2026-01-02",{"date":268,"score":203,"percentile":264},"2026-01-03",{"date":270,"score":203,"percentile":271},"2026-01-04",0.02308,{"date":273,"score":203,"percentile":274},"2026-01-05",0.02313,{"date":276,"score":203,"percentile":277},"2026-01-06",0.02301,{"date":279,"score":203,"percentile":280},"2026-01-07",0.02316,{"date":282,"score":203,"percentile":283},"2026-01-08",0.0234,{"date":285,"score":203,"percentile":286},"2026-01-09",0.02354,{"date":288,"score":203,"percentile":289},"2026-01-10",0.02362,{"date":291,"score":203,"percentile":248},"2026-01-11",{"date":293,"score":203,"percentile":234},"2026-01-12",{"date":295,"score":203,"percentile":274},"2026-01-13",{"date":297,"score":203,"percentile":298},"2026-01-14",0.02318,{"date":300,"score":203,"percentile":301},"2026-01-15",0.02311,{"date":303,"score":203,"percentile":304},"2026-01-16",0.02306,{"date":306,"score":203,"percentile":307},"2026-01-17",0.02309,{"date":309,"score":203,"percentile":209},"2026-01-18",{"date":311,"score":203,"percentile":312},"2026-01-19",0.02304,{"date":314,"score":203,"percentile":315},"2026-01-20",0.02292,{"date":317,"score":203,"percentile":318},"2026-01-21",0.02286,{"date":320,"score":203,"percentile":318},"2026-01-22",{"date":322,"score":203,"percentile":323},"2026-01-23",0.02296,{"date":325,"score":203,"percentile":280},"2026-01-24",{"date":327,"score":203,"percentile":271},"2026-01-25",{"date":329,"score":203,"percentile":312},"2026-01-26",{"date":331,"score":203,"percentile":204},"2026-01-27",{"date":333,"score":203,"percentile":228},"2026-01-28",{"date":335,"score":203,"percentile":336},"2026-01-29",0.02332,{"date":338,"score":203,"percentile":283},"2026-01-30",{"date":340,"score":203,"percentile":341},"2026-01-31",0.02359,{"date":343,"score":203,"percentile":344},"2026-02-01",0.02409,[346],{"source":70,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":347,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":348,"vectorString":71,"impactScore":349,"exploitabilityScore":350},"HIGH",9.8,4.6,[352,372],{"ecosystem":9,"name":353,"vendor":354,"product":354,"cpe_part":355,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":356},"Linux","linux","a",[357,364,367,370],{"version":358,"is_range":359,"range_type":76,"version_start":360,"version_start_type":361,"version_end":362,"version_end_type":363,"fixed_in":9},">= ebe98f1447bbccf8228335c62d86af02a0ed23f7, \u003C 6db94d08359c43f2c8fe372811cdee04564a41b9",true,"ebe98f1447bbccf8228335c62d86af02a0ed23f7","including","6db94d08359c43f2c8fe372811cdee04564a41b9","excluding",{"version":365,"is_range":359,"range_type":76,"version_start":360,"version_start_type":361,"version_end":366,"version_end_type":363,"fixed_in":9},">= ebe98f1447bbccf8228335c62d86af02a0ed23f7, \u003C 93877b9afc2994c89362007aac480a7b150f386f","93877b9afc2994c89362007aac480a7b150f386f",{"version":368,"is_range":359,"range_type":76,"version_start":360,"version_start_type":361,"version_end":369,"version_end_type":363,"fixed_in":9},">= ebe98f1447bbccf8228335c62d86af02a0ed23f7, \u003C 5c86919455c1edec99ebd3338ad213b59271a71b","5c86919455c1edec99ebd3338ad213b59271a71b",{"version":371,"is_range":64,"range_type":76,"version_start":371,"version_start_type":361,"version_end":371,"version_end_type":361,"fixed_in":9},"6.1",{"ecosystem":9,"name":373,"vendor":354,"product":374,"cpe_part":375,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":376},"linux kernel","linux_kernel","o",[377,381],{"version":378,"is_range":359,"range_type":379,"version_start":9,"version_start_type":9,"version_end":380,"version_end_type":363,"fixed_in":9},"lt6.5.13","cpe","6.5.13",{"version":382,"is_range":359,"range_type":379,"version_start":383,"version_start_type":361,"version_end":384,"version_end_type":363,"fixed_in":9},"gte6.6_lt6.6.3","6.6","6.6.3"]