CIFS Vulnerability in Linux Kernel Affects Multiple Versions
CVE-2023-53246
What is CVE-2023-53246?
A vulnerability in the CIFS component of the Linux kernel can lead to a NULL pointer dereference when the CONFIG_CIFS_DFS_UPCALL option is disabled. The result is a potential crash during DFS traversal, specifically when handling CIFS_FATTR_DFS_REFERRAL attributes. The flaw is in the logic that retains the mapping for these attributes regardless of the configuration option, so traversing a DFS referral link triggers the NULL pointer dereference. The fix introduces an inline handler, which improves control over error handling during these operations.
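The bug pattern described above, as an added user-space model in C that is not kernel code and not taken from the fix: an attribute mapping flags referral entries regardless of build configuration, while the handler the walk invokes is either missing or an always-present stub. Every identifier and both return codes are hypothetical, constructed for this sketch.

```c
#include <stddef.h>
#include <stdbool.h>

/* Hypothetical model: none of these names are kernel identifiers. */
#define MODEL_ERR_NO_DFS (-1)   /* constructed error code returned by the stub */
#define MODEL_WOULD_OOPS (-99)  /* stand-in for calling a NULL function pointer */

struct model_ops { int (*automount)(const char *path); };

struct model_dentry {
    const char *path;
    bool is_referral;              /* set by the attribute mapping */
    const struct model_ops *ops;
};

/* "After" pattern: a handler that always exists and fails cleanly. */
static int automount_stub(const char *path) { (void)path; return MODEL_ERR_NO_DFS; }

/* Ops tables as built with the option disabled, before and after the fix. */
static const struct model_ops ops_before = { .automount = NULL };
static const struct model_ops ops_after  = { .automount = automount_stub };

/* Mapping that marks referral entries whatever the build configuration is. */
static struct model_dentry map_attr(const char *path, bool dfs_referral,
                                    const struct model_ops *ops)
{
    struct model_dentry d = { path, dfs_referral, ops };
    return d;
}

/* Path walk: a flagged entry has its handler invoked. The page describes the
 * unfixed outcome as a NULL pointer dereference; the model reports that case
 * with a sentinel instead of crashing so both variants can be compared. */
static int traverse(const struct model_dentry *d)
{
    if (!d->is_referral)
        return 0;                      /* ordinary entry, nothing to follow */
    if (d->ops->automount == NULL)
        return MODEL_WOULD_OOPS;       /* the kernel would jump through NULL */
    return d->ops->automount(d->path); /* stub turns the walk into an error */
}

/* Walk one constructed sample path with the given ops table. */
static int walk(const struct model_ops *ops, bool dfs_referral)
{
    struct model_dentry d = map_attr("/share/referral-link", dfs_referral, ops);
    return traverse(&d);
}

int main(void)
{
    return (walk(&ops_before, true) == MODEL_WOULD_OOPS &&
            walk(&ops_after, true) == MODEL_ERR_NO_DFS) ? 0 : 1;
}
```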
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8cd7dbc9c46d51e00a0a8372e07cc1cbb8d24a77
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8afb1fabcec1929db46977e84baeee0cc0e79242
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 657d7c215ca974d366ab1808213f716e1e3aa950