PT-2023-3670 · Linux+5 · Linux Kernel+5

Publicado

2023-05-16

Atualizado

2025-01-13

CVE-2023-38429

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.4

Description An issue was discovered in the Linux kernel that may lead to out-of-bounds access due to an off-by-one error in memory allocation. This error is caused by the ksmbd smb2 check message function in fs/ksmbd/connection.c. The vulnerability is related to the ksmbd conn handler loop() function and may allow an attacker to access protected information or cause a denial of service.

Recommendations For Linux kernel versions prior to 6.3.4, update to version 6.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the ksmbd module to minimize the risk of exploitation.

Correção

Memory Corruption

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-193CWE-125

Identificadores relacionados

ALT-PU-2023-4663

ALT-PU-2024-4263

ALT-PU-2024-4843

AZL-27535

BDU:2023-03954

CVE-2023-38429

OESA-2023-1492

OESA-2023-1493

OESA-2023-1496

USN-6338-1

USN-6338-2

USN-6339-1

USN-6339-2

USN-6339-3

USN-6339-4

USN-6344-1

USN-6350-1

USN-6351-1

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2023-3670 · Linux+5 · Linux Kernel+5

CVE-2023-38429

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 70