CVE-2023-53246
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL When compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount is NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to S_AUTOMOUNT and corresponding dentry flags is retained regardless of CONFIG_CIFS_DFS_UPCALL, leading to a NULL pointer dereference in VFS follow_automount() when traversing a DFS referral link: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace: <TASK> __traverse_mounts+0xb5/0x220 ? cifs_revalidate_mapping+0x65/0xc0 [cifs] step_into+0x195/0x610 ? lookup_fast+0xe2/0xf0 path_lookupat+0x64/0x140 filename_lookup+0xc2/0x140 ? __create_object+0x299/0x380 ? kmem_cache_alloc+0x119/0x220 ? user_path_at_empty+0x31/0x50 user_path_at_empty+0x31/0x50 __x64_sys_chdir+0x2a/0xd0 ? exit_to_user_mode_prepare+0xca/0x100 do_syscall_64+0x42/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc This fix adds an inline cifs_dfs_d_automount() {return -EREMOTE} handler when CONFIG_CIFS_DFS_UPCALL is disabled. An alternative would be to avoid flagging S_AUTOMOUNT, etc. without CONFIG_CIFS_DFS_UPCALL. This approach was chosen as it provides more control over the error path.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53246
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 4.14.312 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.280 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.240 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.177 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.106 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.23 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.10 (exc)
linux linux_kernel 6.3
linux linux_kernel 6.3
linux linux_kernel 6.3
linux linux_kernel 6.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's CIFS module when compiled without the CONFIG_CIFS_DFS_UPCALL option. In this configuration, a function pointer (cifs_dfs_d_automount) is NULL, but the kernel still attempts to use it when handling DFS referral links. This leads to a NULL pointer dereference and a kernel crash (oops) during DFS traversal, specifically in the VFS follow_automount() function.

Impact Analysis

The vulnerability can cause a kernel NULL pointer dereference, resulting in a system crash (kernel oops) when traversing DFS referral links in CIFS shares. This can lead to denial of service by crashing the system or disrupting file system operations.

Mitigation Strategies

To mitigate this vulnerability, ensure that the Linux kernel is updated to a version that includes the fix for the CIFS DFS traversal NULL pointer dereference. Specifically, use a kernel version where the cifs_dfs_d_automount() handler returns -EREMOTE when CONFIG_CIFS_DFS_UPCALL is disabled. Avoid using configurations that disable CONFIG_CIFS_DFS_UPCALL if possible, or apply the patch that addresses this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53246. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart