Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-39176

Опубликовано: 10 июн. 2024
Источник: redhat
CVSS3: 5.8

Описание

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

Отчет

No Red Hat products are affected by this CVE, as the ksmbd code is not included in any shipping RHEL kernel release.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2326503kernel: ksmbd: Transform Header Out-Of-Bounds Read Information Disclosure Vulnerability

5.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-39176

CVSS3: 5.8
ubuntu
около 1 года назад

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

nvd логотип

CVE-2023-39176

CVSS3: 5.8
nvd
около 1 года назад

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

debian логотип

CVE-2023-39176

CVSS3: 5.8
debian
около 1 года назад

A flaw was found within the parsing of SMB2 requests that have a trans ...

github логотип

GHSA-jf42-2pw2-333x

CVSS3: 5.8
github
около 1 года назад

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

fstec логотип

BDU:2025-14283

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость функции smb2_set_ea() модуля fs/smb/server/smb2misc.c подсистемы SMB ядра операционной системы Linux, позволяющая удаленному нарушителю получить доступ к защищаемой информации

5.8 Medium

CVSS3