CVE-2023-54260
Published Dec 30, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbd_destroy() will directly return, then the connection info will be leaked. Let's set the smb direct connection info to the server before call smbd_destroy().
Is your site exposed to CVE-2023-54260?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/04b7e13b8a13264282f874db5378fc3d3253cfac
https://git.kernel.org/stable/c/324c0c34fff1affd436e509325cb46739209704e
https://git.kernel.org/stable/c/46cd6c639cddba2bd2d810ceb16bb20374ad75b0
https://git.kernel.org/stable/c/c51ae01104b318bf15f3c5097faba5c72addba7a
https://git.kernel.org/stable/c/caac205e0d5b44c4c23a10c6c0976d50ebe16ac2
https://git.kernel.org/stable/c/d303e25887127364a6765eaf7ac68aa2bac518a9
https://git.kernel.org/stable/c/e9d3401d95d62a9531082cd2453ed42f2740e3fd
Frequently Asked Questions
What is CVE-2023-54260? +
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix lost destroy smbd connection when MR allocate failed
If the MR allocate failed, the smb direct connection info is NULL,
then smbd_destroy() will directly return, then the connection info
will be leaked.
Let's set the smb direct connection info to the server before call
smbd_destroy().
How do I check if I'm vulnerable to CVE-2023-54260? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.