PT-2023-1704 · Linux+5 · Linux Kernel+5
Chih-Yen Chang
·
Publicado
2023-03-09
·
Atualizado
2025-03-20
·
CVE-2023-1194
CVSS v2.0
8.5
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An out-of-bounds (OOB) memory read flaw was found in the
parse lease state() function in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse lease state() function, the create context object can access invalid memory. This issue is related to errors in variable initialization in the parse lease state() function. Exploitation of this issue may allow an attacker to cause a denial of service.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Use After Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu