« List of all CVEs

CVE-2023-4458

Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability

Published: 11/14/2024 Last updated: 11/14/2024 Reserved: 8/21/2023

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

CNA assigner: fedora (92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 4 Medium CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (14)

Product Vendor Version
Red Hat Enterprise Linux 6 Red Hat < b99f490ea87ebcca3a429fd8837067feb56a4c7c
Red Hat Enterprise Linux 7 Red Hat < 105cc268328231d5c2bfcbd03f265cec444a3492
Snapdragon 690 5G Mobile Platform
Red Hat Enterprise Linux 6 Red Hat Snapdragon 695 5G Mobile Platform
Red Hat Enterprise Linux 7 Red Hat Snapdragon 7 Gen 1 Mobile Platform
Red Hat Enterprise Linux 8 Red Hat Snapdragon 720G Mobile Platform
Red Hat Enterprise Linux 9 Red Hat Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Red Hat Enterprise Linux 8 Red Hat < 5ee28bcfbaacf289eb25c662a2862542ea6ce6a7
Red Hat Enterprise Linux 9 Red Hat < 03db4fe7917bb160eeccf3968835475fa32b7e10
Red Hat Enterprise Linux 7 Red Hat < 9078b434587722a6f2958dc1d536af6e39634db9
Red Hat Enterprise Linux 9 Red Hat Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Red Hat Enterprise Linux 8 Red Hat Snapdragon 765 5G Mobile Platform (SM7250-AA)
Red Hat Enterprise Linux 9 Red Hat < 6b67a6d2e50634fe127e656147c81915955e9f5e
Red Hat Enterprise Linux 7 Red Hat Snapdragon 7+ Gen 2 Mobile Platform

References (6)

Credits (2)