Use-After-Free Vulnerability in Linux Kernel CIFS Component
CVE-2023-53751

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 8 December 2025

What is CVE-2023-53751?

A potential use-after-free vulnerability was identified in the Linux kernel's CIFS (Common Internet File System) component. The TCP_Server_Info::hostname field can be modified multiple times during the reconnection process, so code that reads the hostname outside the reconnection path without protection risks accessing memory that has already been freed, which could be exploited by attackers. The fix adds protection around access to this field to eliminate the potential use-after-free scenarios.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 64d62ac6d6514cba1305bd08e271ec1843bdd612

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0b08c4c499200be67d54c439d56e5ea866869945

Timeline

  • Vulnerability published

  • Vulnerability Reserved