CVE-2023-52441

EPSS 0.02%
Published 21.02.2024 08:15:45
Last modified 21.11.2024 08:39:46
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out of bounds in init_smb2_rsp_hdr()

If client send smb2 negotiate request and then send smb1 negotiate
request, init_smb2_rsp_hdr is called for smb1 negotiate request since
need_neg is set to false. This patch ignore smb1 packets after ->need_neg
is set to false.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.15.0 < 5.15.145

Linux ≫ Linux Kernel Version >= 5.16.0 < 6.1.53

Linux ≫ Linux Kernel Version >= 6.2.0 < 6.4.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.021

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc

Patch

https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b

Patch

https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b

Patch

https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52441

EUVD