CVE-2023-52434

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.7.0-rc4

Description The vulnerability is related to the smb2 parse contexts() function in the Linux kernel's SMB client. It allows for potential out-of-bounds (OOB) reads when accessing invalid create contexts from a server. This can lead to a page fault and potentially allow an attacker to access sensitive information or cause a denial of service.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the smb2 parse contexts() function, which is version 6.7.0-rc4 or later.

Note: The provided information does not specify the exact version that includes the fix, but it is mentioned that the issue is resolved in version 6.7.0-rc4.

As a temporary workaround, consider disabling the smb2 parse contexts() function until a patch is available. However, this may have significant implications for system functionality and should be carefully considered before implementation.

It is also recommended to restrict access to the vulnerable SMB client module to minimize the risk of exploitation.

Please note that these recommendations are based solely on the provided input data and may not be comprehensive or up-to-date. It is always best to consult the official Linux kernel documentation and security advisories for the most accurate and detailed information.