CVE-2023-5345— Linux kernel 资源管理错误漏洞

Use-after-free in Linux kernel's fs/smb/client component

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

释放后使用

Linux kernel 资源管理错误漏洞

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在资源管理错误漏洞，该漏洞源于fs/smb/client组件存在释放后重用漏洞。攻击者可利用该漏洞来提升权限。

N/A

N/A