Lucene search

K
nvd[email protected]NVD:CVE-2023-38431
HistoryJul 18, 2023 - 12:15 a.m.

CVE-2023-38431

2023-07-1800:15:09
CWE-125
web.nvd.nist.gov
4
linux kernel
ksmbd
out-of-bounds read
netbios
smb header

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

49.2%

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header’s length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.

Affected configurations

NVD
Node
linuxlinux_kernelRange5.15–5.15.145
OR
linuxlinux_kernelRange5.16–6.1.34
OR
linuxlinux_kernelRange6.2–6.3.8
Node
netappsolidfire_\&_hci_management_nodeMatch-
OR
netapph300sMatch-
OR
netapph410sMatch-
OR
netapph500sMatch-
OR
netapph700sMatch-

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

49.2%