CVE-2023-52441

HIGH

Linux Kernel 5.15.0-5.15.145 - Out-of-Bounds Write in ksmbd SMB2 Response Header Initialization

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out of bounds in init_smb2_rsp_hdr()

If a client sends an smb2 negotiate request and then sends an smb1 negotiate request, init_smb2_rsp_hdr is called for the smb1 negotiate request since need_neg is set to false. This patch ignores smb1 packets after ->need_neg is set to false.

Scores

CVSS v3 7.8
EPSS 0.0038
EPSS Percentile 29.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-119
Status published
Products (11)
Linux/Linux < 5.15
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 330d900620dfc9893011d725b3620cd2ee0bc2bc
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 536bb492d39bb6c080c92f31e8a55fe9934f452b
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - aa669ef229ae8dd779da9caa24e254964545895f
Linux/Linux 5.15
Linux/Linux 5.15.145 - 5.15.*
Linux/Linux 6.1.53 - 6.1.*
Linux/Linux 6.4.16 - 6.4.*
Linux/Linux 6.5
... and 1 more
Published Feb 21, 2024
Tracked Since Feb 18, 2026