CVE-2023-3867 ksmbd: fix out of bounds read in smb2_sess_setup

🗓️ 16 Aug 2025 13:29:51Reported by LinuxType

ksmbd fixes out-of-bounds read in smb2_sess_setup when a compound request carries a second payload.

Reporter	Title	Published	Views	Family All 112
AstraLinux	Astra Linux - уязвимость в linux-5.15	20 May 202605:53	–	astralinux
BDU FSTEC	The vulnerability of the ksmbd module in Linux operating systems allows a hacker to execute arbitrary code.	4 Sep 202300:00	–	bdu_fstec
Circl	CVE-2023-3867	16 Aug 202514:04	–	circl
CNNVD	Linux kernel security vulnerabilities	1 Nov 202300:00	–	cnnvd
CVE	CVE-2023-3867	16 Aug 202513:29	–	cve
Debian CVE	CVE-2023-3867	16 Aug 202513:29	–	debiancve
NVD	CVE-2023-3867	16 Aug 202514:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-6464-1)	1 Nov 202300:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-6466-1)	1 Nov 202300:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-6520-1)	30 Nov 202300:00	–	openvas

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/smb/server/smb2pdu.c"
    ],
    "versions": [
      {
        "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
        "lessThan": "676392184785ace61e939831e7ca44a03d438c3b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
        "lessThan": "ef572ffa8eb44111eed2925fbb2adca78bdcbf61",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
        "lessThan": "2ba03cecb12ac7ac9e0170e251543c56832d9959",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
        "lessThan": "98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/smb/server/smb2pdu.c"
    ],
    "versions": [
      {
        "version": "5.15",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.15",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.15.145",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.40",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.4.5",
        "lessThanOrEqual": "6.4.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.5",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/ef572ffa8eb44111eed2925fbb2adca78bdcbf61
git	www.git.kernel.org/stable/c/98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8
git	www.git.kernel.org/stable/c/676392184785ace61e939831e7ca44a03d438c3b
git	www.git.kernel.org/stable/c/2ba03cecb12ac7ac9e0170e251543c56832d9959

11 May 2026 19:27Current

EPSS0.02838