PT-2023-3668 · Linux+5 · Linux Kernel+5

Chih-Yen Chang

Publicado

2023-06-02

Atualizado

2025-01-13

CVE-2023-38431

CVSS v2.0

9.4

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.8

Description An issue in the Linux kernel's ksmbd module, specifically in the fs/smb/server/connection.c file, does not validate the relationship between the NetBIOS header's length field and the SMB header sizes. This can lead to an out-of-bounds read via the pdu size in the ksmbd conn handler loop function, potentially allowing an attacker to access protected information or cause a denial of service.

Recommendations For Linux kernel versions prior to 6.3.8, update to version 6.3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the ksmbd module to minimize the risk of exploitation.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2023-4663

ALT-PU-2024-4263

ALT-PU-2024-4843

AZL-27539

BDU:2023-03952

CVE-2023-38431

ROSA-SA-2023-2208

USN-6412-1

USN-6466-1

USN-6725-1

USN-6725-2

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2023-3668 · Linux+5 · Linux Kernel+5

CVE-2023-38431

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 119