Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-38431
HistoryJul 18, 2023 - 12:00 a.m.

CVE-2023-38431

2023-07-1800:00:00
ubuntu.com
ubuntu.com
7
linux kernel
out-of-bounds read
smb server

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

31.2%

An issue was discovered in the Linux kernel before 6.3.8.
fs/smb/server/connection.c in ksmbd does not validate the relationship
between the NetBIOS header’s length field and the SMB header sizes, via
pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.

Bugs

Notes

Author Note
rodrigo-zaiden needs ksmbd-tools installed to enable the service, which is not installed by default.
OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-102.112UNKNOWN
ubuntu23.04noarchlinux< 6.2.0-34.34UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1057.63UNKNOWN
ubuntu23.04noarchlinux-aws< 6.2.0-1013.13UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1057.63~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.2< 6.2.0-1013.13~22.04.1UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1060.69UNKNOWN
ubuntu23.04noarchlinux-azure< 6.2.0-1014.14UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1060.69~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure-6.2< 6.2.0-1014.14~22.04.1UNKNOWN
Rows per page:
1-10 of 451

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

31.2%