PT-2023-3671 · Linux+5 · Linux Kernel+5

Published: 2023-05-16 · Updated: 2025-01-13

CVE-2023-38428

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.4

Description

The issue is in the session_user() function in fs/ksmbd/smb2pdu.c, part of the Linux kernel's KSMBD file system. The function does not properly check the UserName value because it does not consider the address of the security buffer, which leads to an out-of-bounds read. This could allow a remote attacker to access protected information or cause a denial of service.

Recommendations

For Linux kernel versions prior to 6.3.4, update to version 6.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the fs/ksmbd/smb2pdu.c module until a patch is available. Avoid using the UserName value in the affected session_user() function until the issue is resolved.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2023-4663
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-27537
BDU:2023-03955
CVE-2023-38428
OESA-2023-1467
OESA-2023-1468
OESA-2023-1471
USN-6338-1
USN-6338-2
USN-6339-1
USN-6339-2
USN-6339-3
USN-6339-4
USN-6344-1
USN-6350-1
USN-6351-1

Affected Products

ALT Linux
Astra Linux
Linux Mint
Linux Kernel
RED OS
Ubuntu