{
  "threat_severity" : "Important",
  "public_date" : "2023-10-02T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: use-after-free vulnerability in the smb client component",
    "id" : "2242172",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2242172"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.\nIn case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL, which could lead to a double free.\nWe recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.", "A flaw was found in the SMB client component in the Linux kernel. In case of an error in smb3_fs_context_parse_param, `ctx->password` was freed, but the field was not set to NULL, potentially leading to a use-after-free vulnerability. This flaw allows a local user to crash or potentially escalate their privileges on the system." ],
  "statement" : "Red Hat Enterprise Linux minor releases prior to 9.3.0 and Red Hat Enterprise Linux 8 are not affected by this CVE as they did not include the upstream commit that introduced this flaw (a4e430c8c8ba \"cifs: replace kfree() with kfree_sensitive() for sensitive data\").",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-12-12T00:00:00Z",
    "advisory" : "RHSA-2023:7749",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.13.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-12-12T00:00:00Z",
    "advisory" : "RHSA-2023:7734",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-12-12T00:00:00Z",
    "advisory" : "RHSA-2023:7749",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.13.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-5345\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5345" ],
  "name" : "CVE-2023-5345",
  "mitigation" : {
    "value" : "This flaw can be mitigated by preventing the affected `cifs` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.",
    "lang" : "en:us"
  },
  "csaw" : false
}