cbcvebase.
CVE-2023-0210
published 2023-03-27

CVE-2023-0210: A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.

PriorityP260high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
71.74%
99.3th percentile
A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianlinux< linux 6.1.7-1 (bookworm)linux 6.1.7-1 (bookworm)
linuxlinux_kernel
linuxlinux_kernel>= 0 < 6.1.7-16.1.7-1
linuxlinux_kernel>= 0 < 6.1.7-16.1.7-1
linuxlinux_kernel>= 0 < 6.1.7-16.1.7-1
linuxlinux_kernel>= 0 < 5.15.0-69.765.15.0-69.76
linuxlinux_kernel>= 5.15 < 5.15.875.15.87
linuxlinux_kernel>= 5.16 < 6.0.196.0.19
linuxlinux_kernel>= 6.1 < 6.1.56.1.5

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability targets the Linux kernel's ksmbd NTLMv2 authentication path; monitor for heap overflow conditions in ksmbd_decode_ntlmssp_auth_blob, which can cause immediate OS crash (remote DoS)
  • ·Red Hat Enterprise Linux 6, 7, 8, and 9 kernels are NOT affected — ksmbd is not built in Red Hat kernel source
  • ·Debian bookworm, forky, sid, and trixie are fixed in kernel version 6.1.7-1; bullseye is also resolved

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv8.8HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu6.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.