A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.
In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.
We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Google
Published: 2023-10-03T02:33:06.684Z
Updated: 2024-08-02T07:52:08.630Z
Reserved: 2023-10-02T23:43:23.770Z
Link: CVE-2023-5345
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-10-03T03:15:09.750
Modified: 2024-11-21T08:41:34.690
Link: CVE-2023-5345
Redhat