PT-2023-8716 · Linux+3 · Linux Kernel+3
Published: 2023-08-29 · Updated: 2025-10-04
CVE-2023-52440
CVSS v2.0: 10 (High), AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux Kernel (affected versions not specified)
kernel-image-rpi-un version 6.1.77-alt1
Description
The Linux kernel contains a flaw in the ksmbd module, specifically in the ksmbd_decode_ntlmssp_auth_blob() function. The issue is a heap-based buffer overflow that can occur during session key exchange. It arises when SessionKey.Length in the authblob structure exceeds the expected CIFS_KEY_SIZE: cifs_arc4_crypt() copies data from the client's SessionKey into the session key array without proper size validation, which can cause a slub overflow during key exchange. Successful exploitation of this issue could allow a remote attacker to execute arbitrary code.

Recommendations
For kernel-image-rpi-un version 6.1.77-alt1, update to the latest available version.
For all other affected Linux Kernel versions, update to the latest available version.
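The missing size validation from the description, shown as an added userspace model (not the kernel's code or its patch). `struct sec_buf`, `copy_session_key()` and the value 40 for `CIFS_KEY_SIZE` are assumptions for this sketch, and `memcpy` stands in for the copy performed by `cifs_arc4_crypt()`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CIFS_KEY_SIZE 40 /* assumed value for this model */

/* Hypothetical stand-in for the SessionKey descriptor in the auth blob. */
struct sec_buf {
    uint16_t length; /* client-controlled */
    uint32_t offset; /* client-controlled, relative to blob start */
};

/*
 * Copy the client's session key from the blob into a fixed-size array.
 * Returns the number of bytes copied, or -EINVAL if either bound fails.
 */
int copy_session_key(const uint8_t *blob, size_t blob_len,
                     const struct sec_buf *key,
                     uint8_t dst[CIFS_KEY_SIZE])
{
    /* Destination bound: without it, length > CIFS_KEY_SIZE overflows dst. */
    if (key->length > CIFS_KEY_SIZE)
        return -EINVAL;
    /* Source bound: widen to 64 bits so offset + length cannot wrap. */
    if ((uint64_t)key->offset + key->length > blob_len)
        return -EINVAL;
    memcpy(dst, blob + key->offset, key->length);
    return key->length;
}

int main(void)
{
    uint8_t blob[64], dst[CIFS_KEY_SIZE];
    memset(blob, 0xAB, sizeof blob); /* constructed sample blob */

    struct sec_buf ok  = { .length = 16, .offset = 8 };
    struct sec_buf big = { .length = CIFS_KEY_SIZE + 1, .offset = 0 };
    struct sec_buf oob = { .length = 16, .offset = 60 };

    printf("in-bounds key:      %d\n", copy_session_key(blob, sizeof blob, &ok, dst));
    printf("oversized length:   %d\n", copy_session_key(blob, sizeof blob, &big, dst));
    printf("offset past blob:   %d\n", copy_session_key(blob, sizeof blob, &oob, dst));
    return 0;
}
```

Both checks run before any byte is written, so a rejected blob leaves the destination array untouched.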
Exploit
Fix
Buffer Overflow
Integer Overflow
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linux Kernel
Red Os