Lucene search

[email protected]CVE-2023-1193

HistoryNov 01, 2023 - 8:15 p.m.

CVE-2023-1193

2023-11-0120:15:08

CWE-416

[email protected]

web.nvd.nist.gov

cve-2023-1193

use-after-free

ksmbd

samba server

cifs

linux kernel

security vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

18.0%

JSON

A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt6.3
linux:linux_kernellinux linux kerneleq2.6.28
linux:linux_kernellinux linux kerneleq5.10.35
linux:linux_kernellinux linux kerneleq4.14.23
linux:linux_kernellinux linux kerneleq3.2.41
linux:linux_kernellinux linux kerneleq4.14.257
linux:linux_kernellinux linux kerneleq2.6.32
linux:linux_kernellinux linux kerneleq2.3.32
linux:linux_kernellinux linux kerneleq3.18.125
linux:linux_kernellinux linux kerneleq2.6.39

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	6.3
linux:linux_kernel	linux linux kernel	eq	2.6.28
linux:linux_kernel	linux linux kernel	eq	5.10.35
linux:linux_kernel	linux linux kernel	eq	4.14.23
linux:linux_kernel	linux linux kernel	eq	3.2.41
linux:linux_kernel	linux linux kernel	eq	4.14.257
linux:linux_kernel	linux linux kernel	eq	2.6.32
linux:linux_kernel	linux linux kernel	eq	2.3.32
linux:linux_kernel	linux linux kernel	eq	3.18.125
linux:linux_kernel	linux linux kernel	eq	2.6.39

Rows per page:

1-10 of 44811

References

access.redhat.com/security/cve/CVE-2023-1193

bugzilla.redhat.com/show_bug.cgi?id=2154177

lkml.kernel.org/linux-cifs/[email protected]/T/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

18.0%

JSON

Related for CVE-2023-1193

prion1 cbl_mariner2 ubuntucve1 cvelist1 redhatcve1 debiancve1