Lucene search
PRIOn knowledge basePRION:CVE-2023-52442HistoryFeb 21, 2024 - 8:15 a.m.
Command injection
2024-02-2108:15:00
PRIOn knowledge base
www.prio-n.com
3
linux kernel
vulnerability
ksmbd
session id
tree id
compound request
patch
nvd
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in compound request
smb2_get_msg() in smb2_get_ksmbd_tcon() and smb2_check_user_session()
will always return the first request smb2 header in a compound request.
if SMB2_TREE_CONNECT_HE is the first command in compound request, will
return 0, i.e. The tree id check is skipped.
This patch use ksmbd_req_buf_next() to get current command in compound.
Related
zdi
zdi
debiancve
debiancve
CVE-2023-52442
2024-02-21 08:15:45
ubuntucve
ubuntucve
CVE-2023-52442
2024-02-21 00:00:00
cvelist
cvelist
CVE-2023-52442 ksmbd: validate session id and tree id in compound request
2024-02-21 07:21:01
cve
cve
CVE-2023-52442
2024-02-21 08:15:45
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6725-1)
2024-04-09 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-04-09 00:00:00
Linux kernel (AWS) vulnerabilities
2024-04-16 00:00:00
osv
osv
linux-aws, linux-aws-5.15 vulnerabilities
2024-04-16 20:56:05
openvas
openvas
Ubuntu: Security Advisory (USN-6725-2)
2024-04-17 00:00:00
Ubuntu: Security Advisory (USN-6725-1)
2024-04-10 00:00:00