vulnerability
Ubuntu: (CVE-2023-54280): linux-azure vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Jan 2, 2026 | Jan 6, 2026 | Jan 6, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Jan 2, 2026
Added
Jan 6, 2026
Modified
Jan 6, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in __tree_connect_dfs_target(). Also, while at it, update status of IPC tcon on success and then avoid any extra tree connects.
Solutions
ubuntu-upgrade-linux-azureubuntu-upgrade-linux-azure-5-15
References
- CVE-2023-54280
- https://attackerkb.com/topics/CVE-2023-54280
- URL-https://git.kernel.org/linus/ee20d7c6100752eaf2409d783f4f1449c29ea33d
- URL-https://git.kernel.org/stable/c/536ec71ba060a02fabe8e22cecb82fe7b3a8708b
- URL-https://git.kernel.org/stable/c/553476df55a111e6a66ad9155256aec0ec1b7ad0
- URL-https://git.kernel.org/stable/c/ee20d7c6100752eaf2409d783f4f1449c29ea33d
- URL-https://www.cve.org/CVERecord?id=CVE-2023-54280
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.