Lucene search

K
cve[email protected]CVE-2023-38431
HistoryJul 18, 2023 - 12:15 a.m.

CVE-2023-38431

2023-07-1800:15:09
CWE-125
web.nvd.nist.gov
49
cve-2023-38431
linux kernel
out-of-bounds read
nvd
security issue

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header’s length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.

Affected configurations

NVD
Node
linuxlinux_kernelRange5.15–5.15.145
OR
linuxlinux_kernelRange5.16–6.1.34
OR
linuxlinux_kernelRange6.2–6.3.8
Node
netappsolidfire_\&_hci_management_nodeMatch-
OR
netapph300sMatch-
OR
netapph410sMatch-
OR
netapph500sMatch-
OR
netapph700sMatch-

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%