PT-2024-12778 · Linux+2 · Linux Kernel+2

Hexrabbit · Published 2023-07-23 · Updated 2026-01-13 · CVE-2023-39180

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux Kernel ksmbd (affected versions not specified)

Description

A flaw was found in the handling of SMB2 READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this issue, but only systems with ksmbd enabled are vulnerable.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

DoS

Out of bounds Read

Resource Exhaustion

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2025-15381
CVE-2023-39180
OESA-2024-1765
OESA-2024-1768
ZDI-24-589

Affected Products

Astra Linux
Linux Kernel
Red Os