Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2208
HistoryAug 01, 2023 - 1:30 p.m.

Advisory ROSA-SA-2023-2208

2023-08-0113:30:31
ROSA LAB
abf.rosalinux.ru
11
rosa-sa-2023-2208
kernel-6.1.38
rosa-chrome
cve-2023-38431
cve-2023-38427
ksmbd file system
linux
buffer overflow
denial of service
fixed
sudo dnf update

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.7%

software: kernel-6.1 6.1.38
OS: ROSA-CHROME

package_evr_string: kernel-6.1.1-generic-6.1.38-1.src.rpm

CVE-ID: CVE-2023-38431
BDU-ID: 2023-03952
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the ksmbd_conn_handler_loop() function in the fs/smb/server/connection.c module of the KSMBD file system of the Linux operating system kernel is related to reading data outside of the allocated buffer. Exploitation of the vulnerability could allow an attacker to gain access to protected information or cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update kernel-6.1-generic

CVE-ID: CVE-2023-38427
BDU-ID: 2023-03956
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the deassemble_neg_contexts() function in the fs/smb/server/smb2pdu.c module of the KSMBD file system of the Linux operating system kernel is related to reading data outside of the allocated buffer. Exploitation of the vulnerability could allow an attacker to gain access to protected information or cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update kernel-6.1-generic

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.7%