A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2023-10-03T02:33:06.684Z

Updated: 2024-08-02T07:52:08.630Z

Reserved: 2023-10-02T23:43:23.770Z

Link: CVE-2023-5345

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-03T03:15:09.750

Modified: 2024-11-21T08:41:34.690

Link: CVE-2023-5345

cve-icon Redhat

Severity : Important

Publid Date: 2023-10-02T00:00:00Z

Links: CVE-2023-5345 - Bugzilla