CVE-2023-54250

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the ksmbd module related to out-of-bounds access in the decode preauth ctxt() function. The issue stems from insufficient boundary checks during the processing of SMB requests, specifically within the deassemble neg contexts() function. This function only verifies the SMB2 negotiation context header and the client-controlled DataLength against the packet boundary, which is inadequate. The vulnerability could be triggered when accessing the HashAlgorithms address within the pneg ctxt structure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.