7.1

CVE-2023-3867

ksmbd: fix out of bounds read in smb2_sess_setup

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out of bounds read in smb2_sess_setup

ksmbd does not consider the case of that smb2 session setup is
in compound request. If this is the second payload of the compound,
OOB read issue occurs while processing the first payload in
the smb2_sess_setup().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.145
LinuxLinux Kernel Version >= 5.16 < 6.1.40
LinuxLinux Kernel Version >= 6.2 < 6.4.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.84% 0.848
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/676392184785ace61e939831e7ca44a03d438c3b
Patch
https://git.kernel.org/stable/c/ef572ffa8eb44111eed2925fbb2adca78bdcbf61
Patch
https://git.kernel.org/stable/c/2ba03cecb12ac7ac9e0170e251543c56832d9959
Patch
https://git.kernel.org/stable/c/98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8
Patch