PT-2023-3673 · Linux+5 · Linux Kernel+5

Chih-Yen Chang

Publicado

2023-05-16

Atualizado

2025-01-13

CVE-2023-38426

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.4

Description An issue was discovered in the Linux kernel where ksmbd has an out-of-bounds read in smb2 find context vals when create context's name len is larger than the tag length. This issue may allow an attacker to access protected information or cause a denial of service.

Recommendations For Linux kernel versions prior to 6.3.4, update to version 6.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the ksmbd module to minimize the risk of exploitation.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2023-4663

ALT-PU-2024-4263

ALT-PU-2024-4843

AZL-27538

BDU:2023-03957

CVE-2023-38426

OESA-2023-1467

OESA-2023-1468

OESA-2023-1471

USN-6338-1

USN-6338-2

USN-6339-1

USN-6339-2

USN-6339-3

USN-6339-4

USN-6344-1

USN-6350-1

USN-6351-1

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2023-3673 · Linux+5 · Linux Kernel+5

CVE-2023-38426

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 72