In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential deadlock when releasing mids
All release_mid() callers seem to hold a reference to @mid, so there is no need to call kref_put(&mid->refcount, __release_mid) under the @server->mid_lock spinlock. If they don't, then a use-after-free bug would have occurred anyway.
Getting rid of that spinlock also fixes a potential deadlock, in which the two paths take @server->mid_lock and cifs_tcp_ses_lock in opposite order, as shown below:
cifs_demultiplex_thread()            cifs_debug_data_proc_show()
 release_mid()
  spin_lock(&server->mid_lock);
                                     spin_lock(&cifs_tcp_ses_lock)
                                      spin_lock(&server->mid_lock)
  __release_mid()
   smb2_find_smb_tcon()
    spin_lock(&cifs_tcp_ses_lock) *deadlock*
{ "vanir_signatures": [ { "id": "CVE-2023-52757-00e8e350", "signature_type": "Line", "target": { "file": "fs/cifs/smb2misc.c" }, "deprecated": false, "digest": { "line_hashes": [ "182904386736383286266896877763227486425", "18912152265903560541419205074439050995", "196150192873854186207585634311534211906", "101831010617376753865739459289345203914" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99f476e27aad5964ab13777d84fda67d1356dec1" }, { "id": "CVE-2023-52757-02991e5c", "signature_type": "Line", "target": { "file": "fs/smb/client/smb2misc.c" }, "deprecated": false, "digest": { "line_hashes": [ "182904386736383286266896877763227486425", "18912152265903560541419205074439050995", "196150192873854186207585634311534211906", "101831010617376753865739459289345203914" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9bb9607b1fc12fca51f5632da25b36975f599bf" }, { "id": "CVE-2023-52757-083f5c38", "signature_type": "Line", "target": { "file": "fs/smb/client/transport.c" }, "deprecated": false, "digest": { "line_hashes": [ "333969554454996524876550102199721238241", "192731868492257398641494685216018703170", "167208735127572621422574464108926375831", "117898096497196319869947417767936035979", "158574945328800307986865651361096266115", "294249093434341129381721510552048270845", "16664156066499128474156063269217251089", "184329968031019962499306931995038617454", "60526349715746645459305532403915430705", "194023539309182958110364520405570025655", "244106843368773561842849437054788165145", "80496851779336839402099898150884641747", "285695575354559510969453627139428983150", "39607709637390765498689545394510355093" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29" }, { "id": "CVE-2023-52757-09c40483", 
"signature_type": "Function", "target": { "file": "fs/smb/client/transport.c", "function": "release_mid" }, "deprecated": false, "digest": { "length": 182.0, "function_hash": "92622958912022168309976305838901430020" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9bb9607b1fc12fca51f5632da25b36975f599bf" }, { "id": "CVE-2023-52757-0b7e6051", "signature_type": "Function", "target": { "file": "fs/smb/client/transport.c", "function": "release_mid" }, "deprecated": false, "digest": { "length": 182.0, "function_hash": "92622958912022168309976305838901430020" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e6322fd177c6885a21dd4609dc5e5c973d1a2eb7" }, { "id": "CVE-2023-52757-1830d762", "signature_type": "Function", "target": { "file": "fs/smb/client/transport.c", "function": "__release_mid" }, "deprecated": false, "digest": { "length": 2017.0, "function_hash": "211071474613093553654355512043600441306" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29" }, { "id": "CVE-2023-52757-1fe28f1c", "signature_type": "Function", "target": { "file": "fs/cifs/transport.c", "function": "cifs_mid_q_entry_release" }, "deprecated": false, "digest": { "length": 163.0, "function_hash": "306399161724084284370789197437970349566" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce49569079a9d4cad26c0f1d4653382fd9a5ca7a" }, { "id": "CVE-2023-52757-2a2df7b0", "signature_type": "Function", "target": { "file": "fs/smb/client/transport.c", "function": "__release_mid" }, "deprecated": false, "digest": { "length": 2017.0, "function_hash": "211071474613093553654355512043600441306" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1a5962f1462b64fe7b69f20a4b6af8067bc2d26" }, { "id": 
"CVE-2023-52757-348af0aa", "signature_type": "Line", "target": { "file": "fs/smb/client/transport.c" }, "deprecated": false, "digest": { "line_hashes": [ "333969554454996524876550102199721238241", "192731868492257398641494685216018703170", "167208735127572621422574464108926375831", "117898096497196319869947417767936035979", "158574945328800307986865651361096266115", "294249093434341129381721510552048270845", "16664156066499128474156063269217251089", "184329968031019962499306931995038617454", "60526349715746645459305532403915430705", "194023539309182958110364520405570025655", "244106843368773561842849437054788165145", "80496851779336839402099898150884641747", "285695575354559510969453627139428983150", "39607709637390765498689545394510355093" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e6322fd177c6885a21dd4609dc5e5c973d1a2eb7" }, { "id": "CVE-2023-52757-3b379e40", "signature_type": "Function", "target": { "file": "fs/smb/client/transport.c", "function": "release_mid" }, "deprecated": false, "digest": { "length": 182.0, "function_hash": "92622958912022168309976305838901430020" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1a5962f1462b64fe7b69f20a4b6af8067bc2d26" }, { "id": "CVE-2023-52757-3d436efb", "signature_type": "Function", "target": { "file": "fs/smb/client/transport.c", "function": "release_mid" }, "deprecated": false, "digest": { "length": 182.0, "function_hash": "92622958912022168309976305838901430020" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29" }, { "id": "CVE-2023-52757-3dce4fbc", "signature_type": "Function", "target": { "file": "fs/cifs/transport.c", "function": "_cifs_mid_q_entry_release" }, "deprecated": false, "digest": { "length": 2016.0, "function_hash": "210804264834439942542602192730278601928" }, 
"signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce49569079a9d4cad26c0f1d4653382fd9a5ca7a" }, { "id": "CVE-2023-52757-50b16e4a", "signature_type": "Function", "target": { "file": "fs/smb/client/transport.c", "function": "__release_mid" }, "deprecated": false, "digest": { "length": 2017.0, "function_hash": "211071474613093553654355512043600441306" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9bb9607b1fc12fca51f5632da25b36975f599bf" }, { "id": "CVE-2023-52757-58ec50f6", "signature_type": "Function", "target": { "file": "fs/smb/client/smb2misc.c", "function": "__smb2_handle_cancelled_cmd" }, "deprecated": false, "digest": { "length": 453.0, "function_hash": "251573095630623355062751650399171159603" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9bb9607b1fc12fca51f5632da25b36975f599bf" }, { "id": "CVE-2023-52757-5be581ec", "signature_type": "Function", "target": { "file": "fs/smb/client/smb2misc.c", "function": "__smb2_handle_cancelled_cmd" }, "deprecated": false, "digest": { "length": 453.0, "function_hash": "251573095630623355062751650399171159603" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29" }, { "id": "CVE-2023-52757-5ca07385", "signature_type": "Function", "target": { "file": "fs/cifs/transport.c", "function": "_cifs_mid_q_entry_release" }, "deprecated": false, "digest": { "length": 2016.0, "function_hash": "210804264834439942542602192730278601928" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99f476e27aad5964ab13777d84fda67d1356dec1" }, { "id": "CVE-2023-52757-634d4287", "signature_type": "Function", "target": { "file": "fs/smb/client/transport.c", "function": "__release_mid" }, "deprecated": false, "digest": { "length": 2017.0, 
"function_hash": "211071474613093553654355512043600441306" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e6322fd177c6885a21dd4609dc5e5c973d1a2eb7" }, { "id": "CVE-2023-52757-6557adbb", "signature_type": "Line", "target": { "file": "fs/cifs/cifsproto.h" }, "deprecated": false, "digest": { "line_hashes": [ "39742162287113468711455995104298768791", "255819318416118497684137359464791631822", "168987151439830247015753783254748476719", "26867242028602670100007502129125853485", "39526811947459879731842023784530117388" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce49569079a9d4cad26c0f1d4653382fd9a5ca7a" }, { "id": "CVE-2023-52757-69cb58f8", "signature_type": "Function", "target": { "file": "fs/cifs/transport.c", "function": "cifs_mid_q_entry_release" }, "deprecated": false, "digest": { "length": 163.0, "function_hash": "306399161724084284370789197437970349566" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99f476e27aad5964ab13777d84fda67d1356dec1" }, { "id": "CVE-2023-52757-6e3ed8ee", "signature_type": "Line", "target": { "file": "fs/smb/client/transport.c" }, "deprecated": false, "digest": { "line_hashes": [ "333969554454996524876550102199721238241", "192731868492257398641494685216018703170", "167208735127572621422574464108926375831", "117898096497196319869947417767936035979", "158574945328800307986865651361096266115", "294249093434341129381721510552048270845", "16664156066499128474156063269217251089", "184329968031019962499306931995038617454", "60526349715746645459305532403915430705", "194023539309182958110364520405570025655", "244106843368773561842849437054788165145", "80496851779336839402099898150884641747", "285695575354559510969453627139428983150", "39607709637390765498689545394510355093" ], "threshold": 0.9 }, "signature_version": "v1", "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1a5962f1462b64fe7b69f20a4b6af8067bc2d26" }, { "id": "CVE-2023-52757-6ea5cb41", "signature_type": "Function", "target": { "file": "fs/smb/client/smb2misc.c", "function": "__smb2_handle_cancelled_cmd" }, "deprecated": false, "digest": { "length": 453.0, "function_hash": "251573095630623355062751650399171159603" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e6322fd177c6885a21dd4609dc5e5c973d1a2eb7" }, { "id": "CVE-2023-52757-6f8dc8f7", "signature_type": "Line", "target": { "file": "fs/smb/client/cifsproto.h" }, "deprecated": false, "digest": { "line_hashes": [ "82287789726539691040715740589138253485", "199122984352681361439041378496532703982", "316939153489666038968192652928828174795", "113538106032362434358434557922953795612", "68076307431393875945222860571454509770" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29" }, { "id": "CVE-2023-52757-79d4b1c9", "signature_type": "Line", "target": { "file": "fs/smb/client/smb2misc.c" }, "deprecated": false, "digest": { "line_hashes": [ "182904386736383286266896877763227486425", "18912152265903560541419205074439050995", "196150192873854186207585634311534211906", "101831010617376753865739459289345203914" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29" }, { "id": "CVE-2023-52757-7f6c2516", "signature_type": "Line", "target": { "file": "fs/smb/client/cifsproto.h" }, "deprecated": false, "digest": { "line_hashes": [ "330193022960171103265942402218275338749", "328873332100305295989896785167712419851", "316939153489666038968192652928828174795", "113538106032362434358434557922953795612", "165120336167119976505051180385445526299" ], "threshold": 0.9 }, "signature_version": 
"v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1a5962f1462b64fe7b69f20a4b6af8067bc2d26" }, { "id": "CVE-2023-52757-885a7929", "signature_type": "Line", "target": { "file": "fs/smb/client/transport.c" }, "deprecated": false, "digest": { "line_hashes": [ "333969554454996524876550102199721238241", "192731868492257398641494685216018703170", "167208735127572621422574464108926375831", "117898096497196319869947417767936035979", "158574945328800307986865651361096266115", "294249093434341129381721510552048270845", "16664156066499128474156063269217251089", "184329968031019962499306931995038617454", "60526349715746645459305532403915430705", "194023539309182958110364520405570025655", "244106843368773561842849437054788165145", "80496851779336839402099898150884641747", "285695575354559510969453627139428983150", "39607709637390765498689545394510355093" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9bb9607b1fc12fca51f5632da25b36975f599bf" }, { "id": "CVE-2023-52757-8942961f", "signature_type": "Line", "target": { "file": "fs/cifs/cifsproto.h" }, "deprecated": false, "digest": { "line_hashes": [ "39742162287113468711455995104298768791", "255819318416118497684137359464791631822", "168987151439830247015753783254748476719", "26867242028602670100007502129125853485", "233684105303980211196225794444181786412" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99f476e27aad5964ab13777d84fda67d1356dec1" }, { "id": "CVE-2023-52757-98c36ac5", "signature_type": "Line", "target": { "file": "fs/smb/client/smb2misc.c" }, "deprecated": false, "digest": { "line_hashes": [ "182904386736383286266896877763227486425", "18912152265903560541419205074439050995", "196150192873854186207585634311534211906", "101831010617376753865739459289345203914" ], "threshold": 0.9 }, "signature_version": "v1", "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e6322fd177c6885a21dd4609dc5e5c973d1a2eb7" }, { "id": "CVE-2023-52757-a89597b7", "signature_type": "Line", "target": { "file": "fs/smb/client/smb2misc.c" }, "deprecated": false, "digest": { "line_hashes": [ "182904386736383286266896877763227486425", "18912152265903560541419205074439050995", "196150192873854186207585634311534211906", "101831010617376753865739459289345203914" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1a5962f1462b64fe7b69f20a4b6af8067bc2d26" }, { "id": "CVE-2023-52757-b3c24598", "signature_type": "Function", "target": { "file": "fs/cifs/smb2misc.c", "function": "__smb2_handle_cancelled_cmd" }, "deprecated": false, "digest": { "length": 453.0, "function_hash": "251573095630623355062751650399171159603" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99f476e27aad5964ab13777d84fda67d1356dec1" }, { "id": "CVE-2023-52757-be6ef255", "signature_type": "Line", "target": { "file": "fs/smb/client/cifsproto.h" }, "deprecated": false, "digest": { "line_hashes": [ "330193022960171103265942402218275338749", "328873332100305295989896785167712419851", "316939153489666038968192652928828174795", "113538106032362434358434557922953795612", "165120336167119976505051180385445526299" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e6322fd177c6885a21dd4609dc5e5c973d1a2eb7" }, { "id": "CVE-2023-52757-c7098785", "signature_type": "Line", "target": { "file": "fs/cifs/transport.c" }, "deprecated": false, "digest": { "line_hashes": [ "96218082691854513688425617778603457290", "337746834284587462538171230836883472866", "49095650489628270433994503514906227131", "154196730086695371120419840633498806767", "219200974936639912905725250073413836127", "233153101493809329322477145979914288412", 
"115279224385604766330379813551355237216", "92558258467734111074352649883334306570", "220141846594861113545776607399100527373", "126456926361996595980809421660454823212", "280344530740777793985773787614171891974", "38455549249026192152922346844568264883", "284313492001860704451294437557798109633" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99f476e27aad5964ab13777d84fda67d1356dec1" }, { "id": "CVE-2023-52757-d67928c3", "signature_type": "Function", "target": { "file": "fs/cifs/smb2misc.c", "function": "__smb2_handle_cancelled_cmd" }, "deprecated": false, "digest": { "length": 453.0, "function_hash": "251573095630623355062751650399171159603" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce49569079a9d4cad26c0f1d4653382fd9a5ca7a" }, { "id": "CVE-2023-52757-dc39b545", "signature_type": "Line", "target": { "file": "fs/cifs/transport.c" }, "deprecated": false, "digest": { "line_hashes": [ "96218082691854513688425617778603457290", "337746834284587462538171230836883472866", "49095650489628270433994503514906227131", "154196730086695371120419840633498806767", "219200974936639912905725250073413836127", "233153101493809329322477145979914288412", "115279224385604766330379813551355237216", "92558258467734111074352649883334306570", "220141846594861113545776607399100527373", "126456926361996595980809421660454823212", "280344530740777793985773787614171891974", "38455549249026192152922346844568264883", "284313492001860704451294437557798109633" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce49569079a9d4cad26c0f1d4653382fd9a5ca7a" }, { "id": "CVE-2023-52757-dc6096f7", "signature_type": "Function", "target": { "file": "fs/smb/client/smb2misc.c", "function": "__smb2_handle_cancelled_cmd" }, "deprecated": false, "digest": { "length": 453.0, "function_hash": 
"251573095630623355062751650399171159603" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1a5962f1462b64fe7b69f20a4b6af8067bc2d26" }, { "id": "CVE-2023-52757-e61a1c7c", "signature_type": "Line", "target": { "file": "fs/smb/client/cifsproto.h" }, "deprecated": false, "digest": { "line_hashes": [ "330193022960171103265942402218275338749", "328873332100305295989896785167712419851", "316939153489666038968192652928828174795", "113538106032362434358434557922953795612", "165120336167119976505051180385445526299" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9bb9607b1fc12fca51f5632da25b36975f599bf" }, { "id": "CVE-2023-52757-ff55b719", "signature_type": "Line", "target": { "file": "fs/cifs/smb2misc.c" }, "deprecated": false, "digest": { "line_hashes": [ "182904386736383286266896877763227486425", "18912152265903560541419205074439050995", "196150192873854186207585634311534211906", "101831010617376753865739459289345203914" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce49569079a9d4cad26c0f1d4653382fd9a5ca7a" } ] }