7.1

CVE-2023-3867

EPSS 0.2%
Veröffentlicht 16.08.2025 13:29:51
Zuletzt bearbeitet 18.11.2025 17:58:23
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out of bounds read in smb2_sess_setup

ksmbd does not consider the case of that smb2 session setup is
in compound request. If this is the second payload of the compound,
OOB read issue occurs while processing the first payload in
the smb2_sess_setup().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.15 < 5.15.145

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.40

Linux ≫ Linux Kernel Version >= 6.2 < 6.4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.419

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/676392184785ace61e939831e7ca44a03d438c3b

Patch

https://git.kernel.org/stable/c/ef572ffa8eb44111eed2925fbb2adca78bdcbf61

Patch

https://git.kernel.org/stable/c/2ba03cecb12ac7ac9e0170e251543c56832d9959

Patch

https://git.kernel.org/stable/c/98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-3867

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3867

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3867

EUVD