Salvatore Bonaccorso <carnil@xxxxxxxxxx> writes:

> There is a Red Hat bugzilla report in
> https://bugzilla.redhat.com/show_bug.cgi?id=2154178 about a
> use-after-free in smb2_is_status_io_timeout(). While the commit noted
> initially there seems not correct, Ben Hutchings raised a question on
> more information in
> https://bugzilla.redhat.com/show_bug.cgi?id=2154178#c24 .
>
> (there is a CVE assigned for it, CVE-2023-1192)

That is supposed to be fixed by d527f51331ca ("cifs: Fix UAF in cifs_demultiplex_thread()").

While the commit refers to a UAF in ->is_network_name_deleted(), this should also work for smb2_is_status_io_timeout(), AFAICT.