PT-2023-3667 · Linux+5 · Linux Kernel+5

Chih-Yen Chang

Publicado

2023-06-16

Atualizado

2025-01-13

CVE-2023-38432

CVSS v2.0

9.4

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.10

Description An issue in the Linux kernel's ksmbd module, specifically in fs/smb/server/smb2misc.c, does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read. This could allow an attacker to access protected information or cause a denial of service.

Recommendations For Linux kernel versions prior to 6.3.10, update to version 6.3.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the ksmbd module to minimize the risk of exploitation.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2023-4663

ALT-PU-2024-4263

ALT-PU-2024-4843

AZL-27540

AZL-27642

BDU:2023-03951

CVE-2023-38432

OESA-2023-1585

OESA-2023-1586

OESA-2023-1587

USN-6285-1

USN-6416-1

USN-6416-2

USN-6416-3

USN-6445-1

USN-6445-2

USN-6464-1

USN-6466-1

USN-6520-1

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2023-3667 · Linux+5 · Linux Kernel+5

CVE-2023-38432

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 113