{"id":"CVE-2023-52752","summary":"smb: client: fix use-after-free bug in cifs_debug_data_proc_show()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free bug in cifs_debug_data_proc_show()\n\nSkip SMB sessions that are being teared down\n(e.g. @ses-\u003eses_status == SES_EXITING) in cifs_debug_data_proc_show()\nto avoid use-after-free in @ses.\n\nThis fixes the following GPF when reading from /proc/fs/cifs/DebugData\nwhile mounting and umounting\n\n  [ 816.251274] general protection fault, probably for non-canonical\n  address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI\n  ...\n  [  816.260138] Call Trace:\n  [  816.260329]  \u003cTASK\u003e\n  [  816.260499]  ? die_addr+0x36/0x90\n  [  816.260762]  ? exc_general_protection+0x1b3/0x410\n  [  816.261126]  ? asm_exc_general_protection+0x26/0x30\n  [  816.261502]  ? cifs_debug_tcon+0xbd/0x240 [cifs]\n  [  816.261878]  ? cifs_debug_tcon+0xab/0x240 [cifs]\n  [  816.262249]  cifs_debug_data_proc_show+0x516/0xdb0 [cifs]\n  [  816.262689]  ? seq_read_iter+0x379/0x470\n  [  816.262995]  seq_read_iter+0x118/0x470\n  [  816.263291]  proc_reg_read_iter+0x53/0x90\n  [  816.263596]  ? srso_alias_return_thunk+0x5/0x7f\n  [  816.263945]  vfs_read+0x201/0x350\n  [  816.264211]  ksys_read+0x75/0x100\n  [  816.264472]  do_syscall_64+0x3f/0x90\n  [  816.264750]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n  [  816.265135] RIP: 0033:0x7fd5e669d381","modified":"2026-04-11T12:46:35.823869Z","published":"2024-05-21T15:30:40.901Z","related":["SUSE-SU-2024:2360-1","SUSE-SU-2024:2362-1","SUSE-SU-2024:2365-1","SUSE-SU-2024:2372-1","SUSE-SU-2024:2381-1","SUSE-SU-2024:2384-1","SUSE-SU-2024:2385-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2495-1","SUSE-SU-2024:2561-1","SUSE-SU-2024:2895-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:3551-1","SUSE-SU-2024:3553-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3764-1","SUSE-SU-2024:3767-1","SUSE-SU-2024:3774-1","SUSE-SU-2024:3775-1","SUSE-SU-2024:3777-1","SUSE-SU-2024:3780-1","SUSE-SU-2024:3782-1","SUSE-SU-2024:3783-1","SUSE-SU-2024:3793-1","SUSE-SU-2024:3794-1","SUSE-SU-2024:3796-1","SUSE-SU-2024:3797-1","SUSE-SU-2024:3798-1","SUSE-SU-2024:3799-1","SUSE-SU-2024:3800-1","SUSE-SU-2024:3803-1","SUSE-SU-2024:3804-1","SUSE-SU-2024:3805-1","SUSE-SU-2024:3806-1","SUSE-SU-2024:3814-1","SUSE-SU-2024:3815-1","SUSE-SU-2024:3816-1","SUSE-SU-2024:3820-1","SUSE-SU-2024:3821-1","SUSE-SU-2024:3822-1","SUSE-SU-2024:3824-1","SUSE-SU-2024:3829-1","SUSE-SU-2024:3830-1","SUSE-SU-2024:3831-1","SUSE-SU-2024:3833-1","SUSE-SU-2024:3834-1","SUSE-SU-2024:3835-1","SUSE-SU-2024:3837-1","SUSE-SU-2024:3838-1","SUSE-SU-2024:3840-1","SUSE-SU-2024:3842-1","SUSE-SU-2024:3848-1","SUSE-SU-2024:3849-1","SUSE-SU-2024:3850-1","SUSE-SU-2024:3851-1","SUSE-SU-2024:3852-1","SUSE-SU-2024:3854-1","SUSE-SU-2024:3855-1","SUSE-SU-2024:3857-1","SUSE-SU-2024:3859-1","SUSE-SU-2024:3860-1","SUSE-SU-2024:3880-1","SUSE-SU-2024:3881-1","SUSE-SU-2024:3882-1","SUSE-SU-2024:3884-1","SUSE-SU-2024:3885-1","SUSE-SU-2024:4122-1","SUSE-SU-2024:4123-1","SUSE-SU-2024:4124-1","SUSE-SU-2024:4125-1","SUSE-SU-2024:4127-1","SUSE-SU-2024:4139-1","SUSE-SU-2024:4180-1","SUSE-SU-2024:4197-1","SUSE-SU-2024:4207-1","SUSE-SU-2024:4208-1","SUSE-SU-2024:4209-1","SUSE-SU-2024:4210-1","SUSE-SU-2024:4214-1","SUSE-SU-2024:4216-1","SUSE-SU-2024:4218-1","SUSE-SU-2024:4226-1","SUSE-SU-2024:4228-1","SUSE-SU-2024:4231-1","SUSE-SU-2024:4234-1","SUSE-SU-2024:4235-1","SUSE-SU-2024:4236-1","SUSE-SU-2024:4242-1","SUSE-SU-2024:4243-1","SUSE-SU-2024:4246-1","SUSE-SU-2024:4249-1","SUSE-SU-2024:4250-1","SUSE-SU-2024:4256-1","SUSE-SU-2024:4263-1","SUSE-SU-2024:4264-1","SUSE-SU-2024:4266-1","SUSE-SU-2024:4275-1","SUSE-SU-2025:0084-1","SUSE-SU-2025:0085-1","SUSE-SU-2025:0091-1","SUSE-SU-2025:0097-1","SUSE-SU-2025:0101-1","SUSE-SU-2025:0103-1","SUSE-SU-2025:0106-1","SUSE-SU-2025:0107-1","SUSE-SU-2025:0109-1","SUSE-SU-2025:0110-1","SUSE-SU-2025:0114-1","SUSE-SU-2025:0115-1","SUSE-SU-2025:0124-1","SUSE-SU-2025:0131-1","SUSE-SU-2025:0137-1","SUSE-SU-2025:0138-1","SUSE-SU-2025:0146-1","SUSE-SU-2025:0150-1","SUSE-SU-2025:0158-1","SUSE-SU-2025:0164-1","SUSE-SU-2025:0168-1","SUSE-SU-2025:0179-1","SUSE-SU-2025:0187-1","SUSE-SU-2025:0188-1","SUSE-SU-2025:0238-1","SUSE-SU-2025:0239-1","SUSE-SU-2025:0240-1","SUSE-SU-2025:0244-1","SUSE-SU-2025:0248-1","SUSE-SU-2025:0249-1","SUSE-SU-2025:0251-1","SUSE-SU-2025:0252-1","SUSE-SU-2025:0253-1","SUSE-SU-2025:0254-1","SUSE-SU-2025:0255-1","SUSE-SU-2025:0260-1","SUSE-SU-2025:0261-1","SUSE-SU-2025:0262-1","SUSE-SU-2025:0264-1","SUSE-SU-2025:0265-1","SUSE-SU-2025:0266-1","SUSE-SU-2025:0269-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52752.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0ab6f842452ce2cae04209d4671ac6289d0aef8a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2abdf136784b7edaec7ffe0f4b461b63f9c4c4de"},{"type":"WEB","url":"https://git.kernel.org/stable/c/336a066990bb3962c46daf574ace596bda9303ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/558817597d5fbd7af31f891b67b0fd20f0d047b7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/89929ea46f9cc11ba66d2c64713aa5d5dc723b09"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d328c09ee9f15ee5a26431f5aad7c9239fa85e62"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52752.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52752"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7f48558e6489d032b1584b0cc9ac4bb11072c034"},{"fixed":"2abdf136784b7edaec7ffe0f4b461b63f9c4c4de"},{"fixed":"336a066990bb3962c46daf574ace596bda9303ce"},{"fixed":"558817597d5fbd7af31f891b67b0fd20f0d047b7"},{"fixed":"89929ea46f9cc11ba66d2c64713aa5d5dc723b09"},{"fixed":"0ab6f842452ce2cae04209d4671ac6289d0aef8a"},{"fixed":"d328c09ee9f15ee5a26431f5aad7c9239fa85e62"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"a67172a013953664b1dad03c648200c70b90506c"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52752.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.13.0"},{"fixed":"5.10.237"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.181"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.64"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.5.13"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.6.0"},{"fixed":"6.6.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52752.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}