CVE-2023-38432Out-of-bounds Read in Kernel

CWE-125Out-of-bounds Read25 documents9 sources
Severity
9.1CRITICALNVD
OSV9.8OSV7.1OSV7.0OSV5.7OSV4.7
EPSS
0.1%
top 80.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linux Kernel
Timeline
PublishedJul 18
Latest updateNov 28

Description

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDlinux/linux_kernel5.155.15.121+2
Debianlinux/linux_kernel< 6.1.37-1+2
Ubuntulinux/linux_kernel< 5.15.0-86.96

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

12
OSV
linux-starfive-6.2 vulnerabilities2023-11-28
OSV
linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-2023-10-31
OSV
linux-nvidia-6.2 vulnerabilities2023-10-31
OSV
linux-intel-iotg-5.15 vulnerabilities2023-10-24
OSV
linux-raspi vulnerabilities2023-10-19

📋Vendor Advisories

11
Ubuntu
Linux kernel (StarFive) vulnerabilities2023-11-28
Ubuntu
Linux kernel vulnerabilities2023-10-31
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2023-10-31
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2023-10-19
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-10-19

💬Community

1
Bugzilla
CVE-2023-38432 kernel: ksmbd: out-of-bounds read in ksmbd_smb2_check_message2023-10-12