PT-2023-1704 · Linux+5 · Linux Kernel+5

Chih-Yen Chang

Published

2023-03-09

Updated

2025-03-20

CVE-2023-1194

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An out-of-bounds (OOB) memory read flaw was found in the parse lease state() function in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse lease state() function, the create context object can access invalid memory. This issue is related to errors in variable initialization in the parse lease state() function. Exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-457CWE-125CWE-416

Related Identifiers

ALT-PU-2024-6818

AZL-31893

BDU:2023-01278

CVE-2023-1194

USN-6725-1

USN-6725-2

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2023-1704 · Linux+5 · Linux Kernel+5

CVE-2023-1194

Weakness Enumeration

Related Identifiers

Affected Products

References · 74