Описание
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
Отчет
This vulnerability is rated Low because its exploitation scope and potential impact are tightly constrained. Technically, the flaw only allows disclosure of uninitialized heap memory fragments, not direct control or corruption of memory. The attacker must already be an authenticated user with write access to files using the vfs_streams_xattr module, significantly reducing the attack surface. The exposed data is non-deterministic and contextually limited—it consists of residual memory content that may or may not contain meaningful information, with no guarantee of retrieving sensitive secrets. Additionally, Samba already cleanses known secret buffers before freeing memory, further lowering the risk of credential or key exposure.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | samba | Fix deferred | ||
| Red Hat Enterprise Linux 6 | samba | Fix deferred | ||
| Red Hat Enterprise Linux 6 | samba4 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | samba | Fix deferred | ||
| Red Hat Enterprise Linux 8 | samba | Fix deferred | ||
| Red Hat Enterprise Linux 9 | samba | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
A flaw was found in Samba, in the vfs_streams_xattr module, where unin ...
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
Уязвимость модуля vfs_streams_xattr пакета программ сетевого взаимодействия Samba, позволяющая нарушителю получить доступ к конфиденциальной информации
EPSS
4.3 Medium
CVSS3