PT-2023-8703 · Linux+4 · Linux Kernel+4

Published: 2023-07-23 · Updated: 2025-10-01 · CVE-2023-52442

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel (affected versions not specified)

Description

The issue is related to improper validation of the session id and tree id in compound requests in the Linux kernel's ksmbd module. Specifically, the smb2_get_msg() call in smb2_get_ksmbd_tcon() and smb2_check_user_session() always returns the smb2 header of the first request in a compound request. If SMB2_TREE_CONNECT_HE is the first command in a compound request, it returns 0, effectively skipping the tree id check. This can be exploited by a remote attacker to potentially elevate privileges. The vulnerability is related to the ksmbd_req_buf_next() function used to get the current command in a compound request.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2024-01629
CVE-2023-52442
USN-6725-1
USN-6725-2
ZDI-24-227

Affected Products

Astra Linux
Linux Kernel
Linuxmint
Red Os
Ubuntu