2 matches found
CVE-2023-52440
CVE-2023-52440 affects the ksmbd component of the Linux kernel. Root cause: a slub overflow in ksmbd_decode_ntlmssp_auth_blob() when authblob->SessionKey.Length exceeds CIFS_KEY_SIZE, enabling overflow during key exchange (cifs_arc4_crypt copies from SessionKey). The fix introduces bounds prot...
CVE-2021-3847
CVE-2021-3847 describes a local privilege escalation in the Linux kernel OverlayFS subsystem. The flaw arises in the way a user copies a capable file from a nosuid mount to another mount, enabling unauthorized execution of setuid-capable files. The confirmed impact is that a local user can escala...