CVE-2023-53246

MEDIUM EPSS 3.4%
Published Sep 15, 20259mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL When compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount is NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to S_AUTOMOUNT and corresponding dentry flags is retained regardless of CONFIG_CIFS_DFS_UPCALL, leading to a NULL pointer dereference in VFS follow_automount() when traversing a DFS referral link: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace: <TASK> __traverse_mounts+0xb5/0x220 ? cifs_revalidate_mapping+0x65/0xc0 [cifs] step_into+0x195/0x610 ? lookup_fast+0xe2/0xf0 path_lookupat+0x64/0x140 filename_lookup+0xc2/0x140 ? __create_object+0x299/0x380 ? kmem_cache_alloc+0x119/0x220 ? user_path_at_empty+0x31/0x50 user_path_at_empty+0x31/0x50 __x64_sys_chdir+0x2a/0xd0 ? exit_to_user_mode_prepare+0xca/0x100 do_syscall_64+0x42/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc This fix adds an inline cifs_dfs_d_automount() {return -EREMOTE} handler when CONFIG_CIFS_DFS_UPCALL is disabled. An alternative would be to avoid flagging S_AUTOMOUNT, etc. without CONFIG_CIFS_DFS_UPCALL. This approach was chosen as it provides more control over the error path.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel* <4.14.312
linuxlinux_kernel*≥4.15  –  <4.19.280
linuxlinux_kernel*≥4.20  –  <5.4.240
linuxlinux_kernel*≥5.5  –  <5.10.177
linuxlinux_kernel*≥5.11  –  <5.15.106
linuxlinux_kernel*≥5.16  –  <6.1.23
linuxlinux_kernel*≥6.2  –  <6.2.10
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/179a88a8558bbf42991d361595281f3e45d7edfc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1e144b68208e98fd4602c842a7149ba5f41d87fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/26a32a212bc540f4773cd6af8cf73e967d72569c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b64305185b76f1d5145ce594ff48f3f0e70695bd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b7d854c33ab48e55fc233699bbefe39ec9bb5c05
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/179a88a8558bbf42991d361595281f3e45d7edfc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1e144b68208e98fd4602c842a7149ba5f41d87fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/26a32a212bc540f4773cd6af8cf73e967d72569c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b64305185b76f1d5145ce594ff48f3f0e70695bd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b7d854c33ab48e55fc233699bbefe39ec9bb5c05
    Patch