CVE-2023-1193
Use-after-free in setup_async_work()
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.
Se encontró una falla de use-after-free en setup_async_work en la implementación KSMBD del servidor samba en el kernel y CIFS en el kernel de Linux. Este problema podría permitir que un atacante bloquee el sistema al acceder al trabajo liberado.
*Credits:
Red Hat would like to thank Pumpkin (@u1f383), working with DEVCORE Internship Program for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-06 CVE Reserved
- 2023-11-01 CVE Published
- 2025-02-27 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-1193 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2154177 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T | 2023-11-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.3 Search vendor "Linux" for product "Linux Kernel" and version " < 6.3" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3 Search vendor "Linux" for product "Linux Kernel" and version "6.3" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3 Search vendor "Linux" for product "Linux Kernel" and version "6.3" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3 Search vendor "Linux" for product "Linux Kernel" and version "6.3" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3 Search vendor "Linux" for product "Linux Kernel" and version "6.3" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3 Search vendor "Linux" for product "Linux Kernel" and version "6.3" | rc4 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3 Search vendor "Linux" for product "Linux Kernel" and version "6.3" | rc5 |
Affected
| ||||||