
A use-after-free vulnerability (CVE-2023-53052) was discovered in the Linux kernel's CIFS (Common Internet File System) implementation, specifically in the refresh_cache_worker() function. The vulnerability was disclosed on May 2, 2025. The issue occurs because DFS root sessions were being put in cifs_umount() while the DFS cache refresher was being executed (NVD, Wiz).
The vulnerability manifests as a use-after-free bug in the __refresh_tcon.isra.0 function within the CIFS module. The issue was detected by KASAN (Kernel Address Sanitizer), which reported a read of size 8 at a specific memory address by the kworker task. According to Red Hat's assessment, the vulnerability has a CVSS v3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (Red Hat).
The use-after-free vulnerability could potentially lead to system crashes or memory corruption in systems using the CIFS filesystem module. This could affect systems that utilize DFS (Distributed File System) functionality within the Linux kernel (Wiz).
The issue has been fixed by modifying DFS root sessions to have the same lifetime as DFS tcons, preventing the use-after-free bug in the DFS cache refresher and other places that require IPCs to get new DFS referrals. The fix also removes mount group handling in DFS cache as it is no longer needed. Fixed versions are available in various Linux distributions, including Debian Trixie (6.12.25-1) and Sid (6.12.27-1) (Debian Tracker).
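The lifetime change described above can be seen in a small userspace model. This is an added example, not the kernel's code or the upstream patch; the structs, helper names and the "freed" flag are hypothetical stand-ins for the cifs session and tcon objects.

```c
#include <stdio.h>

/* Userspace model only: these structs and helpers are hypothetical and are
 * not the kernel's cifs types. "freed" stands in for kfree() so the ordering
 * can be observed without touching released memory. */
struct session { int refcount; int freed; };
struct tcon    { struct session *root_ses; int pins_root; };
static void session_get(struct session *s) { s->refcount++; }
static void session_put(struct session *s) { if (--s->refcount == 0) s->freed = 1; }

/* Creating a tcon: in the fixed model it takes its own reference. */
static void tcon_init(struct tcon *t, struct session *root, int pins_root)
{
    t->root_ses = root;
    t->pins_root = pins_root;
    if (pins_root)
        session_get(root);
}

/* Releasing a tcon drops that reference, ending the session with the tcon. */
static void tcon_release(struct tcon *t)
{
    if (t->pins_root)
        session_put(t->root_ses);
}

/* Order of events from the advisory: umount puts the root session, then the
 * cache refresher runs against a tcon that still points at it.
 * Returns 1 if the session was still live when the refresher looked at it. */
static int refresher_sees_live_session(int pins_root, int *freed_after_release)
{
    struct session root = { .refcount = 1, .freed = 0 }; /* mount's reference */
    struct tcon t;
    int live;
    tcon_init(&t, &root, pins_root);
    session_put(&root);          /* umount path drops the mount's reference */
    live = !root.freed;          /* refresher would dereference t.root_ses here */
    tcon_release(&t);            /* tcon torn down after the refresher finishes */
    *freed_after_release = root.freed;
    return live;
}

int main(void)
{
    int end;
    printf("before fix: live=%d\n", refresher_sees_live_session(0, &end));
    printf("after fix:  live=%d\n", refresher_sees_live_session(1, &end));
    return 0;
}
```

In both cases the session is released by the end, so tying its lifetime to the tcon closes the window without leaking the object.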
Source: This report was generated using AI