UBUNTU-CVE-2023-5345

Description

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  < 6.2.0-1016.16~22.04.1

• ubuntu•linux-aws-6.5

  < 6.5.0-1010.10~22.04.1

• ubuntu•linux-azure

  all | < 5.15.0-1054.62

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1054.62~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  < 6.2.0-1017.17~22.04.1

• ubuntu•linux-azure-6.5

  < 6.5.0-1009.9~22.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | < 5.15.0-1054.62.1 | all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  < 6.2.0-1017.17~22.04.1.1

• ubuntu•linux-azure-fde-6.8

  all

• ubuntu•linux-azure-fips

  all

• ubuntu•linux-bluefield

  all

• ubuntu•linux-gcp

  all

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  < 6.2.0-1019.21~22.04.1

• ubuntu•linux-gke

  all

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  all

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.19

  all

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-6.2

  < 6.2.0-37.38~22.04.1

• ubuntu•linux-hwe-edge

  all

• ubuntu•linux-intel-5.13

  all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-lowlatency-hwe-5.19

  all

• ubuntu•linux-lowlatency-hwe-6.2

  < 6.2.0-1017.17~22.04.1

• ubuntu•linux-nvidia

  all

• ubuntu•linux-nvidia-6.2

  < 6.2.0-1012.12

Showing first 50 affected entries in server-rendered view.

References (16)

• https://ubuntu.com/security/CVE-2023-5345
• https://git.kernel.org/linus/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
• https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705
• https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
• https://ubuntu.com/security/notices/USN-6461-1
• https://ubuntu.com/security/notices/USN-6502-1
• https://ubuntu.com/security/notices/USN-6503-1
• https://ubuntu.com/security/notices/USN-6502-2
• https://ubuntu.com/security/notices/USN-6502-3
• https://ubuntu.com/security/notices/USN-6520-1
• https://ubuntu.com/security/notices/USN-6502-4
• https://ubuntu.com/security/notices/USN-6537-1
• https://ubuntu.com/security/notices/USN-6572-1
• https://ubuntu.com/security/notices/USN-6607-1
• https://www.cve.org/CVERecord?id=CVE-2023-5345