path: root/lib/mpi/mpi-scan.c
author Henrique Carvalho <[email protected]> 2025-11-03 22:52:55 +0000
committer Steve French <[email protected]> 2025-11-04 14:53:28 +0000
commit 734e99623c5b65bf2c03e35978a0b980ebc3c2f8
tree ee0cbf5889c65127f42bfc7f9aaa75bd30ffa218 /lib/mpi/mpi-scan.c
parent Linux 6.18-rc4
smb: client: fix potential UAF in smb2_close_cached_fid()

find_or_create_cached_dir() could grab a new reference after kref_put()
had seen the refcount drop to zero but before cfid_list_lock is acquired
in smb2_close_cached_fid(), leading to use-after-free.

Switch to kref_put_lock() so cfid_release() is called with
cfid_list_lock held, closing that gap.

Fixes: ebe98f1447bb ("cifs: enable caching of directories for which a lease is held")
Cc: [email protected]
Reported-by: Jay Shin <[email protected]>
Reviewed-by: Paulo Alcantara (Red Hat) <[email protected]>
Signed-off-by: Henrique Carvalho <[email protected]>
Signed-off-by: Steve French <[email protected]>
Diffstat (limited to 'lib/mpi/mpi-scan.c')
0 files changed, 0 insertions, 0 deletions
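
The ordering problem described in the commit message, replayed as an added single-threaded userspace model; it is not kernel code and not part of this commit. `struct entry`, `lookup_get`, `release_locked`, `put_then_lock` and `put_with_lock` are hypothetical names, and the model assumes the lookup path takes its reference while holding the list lock.

```c
/* Added userspace model (constructed, not kernel code): replays the race step by step. */
#include <stdbool.h>
#include <stdio.h>

struct entry { int refs; bool on_list; bool freed; };  /* stands in for a cached fid */
static bool list_locked;                               /* stands in for cfid_list_lock */

/* Lookup path: needs the list lock, then takes a reference on a listed entry. */
static bool lookup_get(struct entry *e)
{
    if (list_locked || !e->on_list)   /* a real thread would block, then miss */
        return false;
    e->refs++;
    return true;
}

/* Release callback: entered with the lock held; unlinks, frees, then unlocks. */
static void release_locked(struct entry *e)
{
    e->on_list = false;
    e->freed = true;
    list_locked = false;
}

/* Old ordering: the final decrement is seen first, the lock is taken afterwards. */
static bool put_then_lock(struct entry *e)
{
    if (--e->refs != 0)
        return false;
    bool got = lookup_get(e);         /* the gap: count 0, still listed, lock free */
    list_locked = true;
    release_locked(e);
    return got && e->freed;           /* true: the lookup holds a freed entry */
}

/* New ordering (simplified: always locks): lock held across decrement and release. */
static bool put_with_lock(struct entry *e)
{
    list_locked = true;
    if (--e->refs != 0) { list_locked = false; return false; }
    bool got = lookup_get(e);         /* same instant, but the lock shuts it out */
    release_locked(e);
    return (got || lookup_get(e)) && e->freed;  /* a retry after unlock misses too */
}

int main(void)
{
    struct entry a = {1, true, false}, b = {1, true, false};
    printf("old UAF: %d, new UAF: %d\n", put_then_lock(&a), put_with_lock(&b));
    return 0;
}
```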