Lucene search
Pumpkin (@u1f383)ZDI-24-229HistoryMar 01, 2024 - 12:00 a.m.
Linux Kernel ksmbd Session Key Exchange Heap-based Buffer Overflow Remote Code Execution Vulnerability
2024-03-0100:00:00
Pumpkin (@u1f383)
www.zerodayinitiative.com
11
linux kernel
remote code execution
vulnerability
ksmbd
session keys
heap-based buffer overflow
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the processing of session keys. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Related
prion
prion
Spoofing
2024-02-21 08:15:00
debiancve
debiancve
CVE-2023-52440
2024-02-21 08:15:45
cvelist
cvelist
CVE-2023-52440 ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
2024-02-21 07:21:00
ubuntucve
ubuntucve
CVE-2023-52440
2024-02-21 00:00:00
nvd
nvd
CVE-2023-52440
2024-02-21 08:15:45
vulnrichment
vulnrichment
CVE-2023-52440 ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
2024-02-21 07:21:00
cve
cve
CVE-2023-52440
2024-02-21 08:15:45
redos
redos
ROS-20240813-01
2024-08-13 00:00:00