CVE-2023-3866
published 2025-08-16
Priority P335 · medium · 5.5 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS 14.33% · 96.2th percentile
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in the compound request
This patch validates session id and tree id in compound request.
If first operation in the compound is SMB2 ECHO request, ksmbd bypasses
session and tree validation. So work->sess and work->tcon could be NULL.
If second request in the compound accesses work->sess or tcon, it causes
NULL pointer dereferencing error.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.1.37-1 (bookworm) | linux 6.1.37-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < eb947403518ea3d93f6d89264bb1f5416bb0c7d0 | eb947403518ea3d93f6d89264bb1f5416bb0c7d0 |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 854156d12caa9d36de1cf5f084591c7686cc8a9d | 854156d12caa9d36de1cf5f084591c7686cc8a9d |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < d1066c1b3663401cd23c0d6e60cdae750ce00c0f | d1066c1b3663401cd23c0d6e60cdae750ce00c0f |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 5005bcb4219156f1bf7587b185080ec1da08518e | 5005bcb4219156f1bf7587b185080ec1da08518e |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.37-1 | 6.1.37-1 |
| linux | linux_kernel | >= 0 < 6.3.11-1 | 6.3.11-1 |
| linux | linux_kernel | >= 0 < 6.3.11-1 | 6.3.11-1 |
| linux | linux_kernel | >= 0 < 5.15.0-86.96 | 5.15.0-86.96 |
| linux | linux_kernel | >= 5.15 < 5.15.121 | 5.15.121 |
| linux | linux_kernel | >= 5.16 < 6.1.36 | 6.1.36 |
| linux | linux_kernel | >= 6.2 < 6.3.10 | 6.3.10 |
| ubuntu | linux-intel-iotg-5.15 | — | — |
CVSS provenance
nvd · v3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv · 9.8 CRITICAL
vendor_ubuntu · 7.0 HIGH
vendor_debian · 5.5 MEDIUM
vendor_redhat · 5.5 MEDIUM
OSV
CVE-2023-3866: In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate
osv·2025-08-16·CVSS 5.5
CVE-2023-3866 [MEDIUM] CVE-2023-3866: In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validates session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypasses session and tree validation. So work->sess and work->tcon could be NULL. If second request in the compound accesses work->sess or tcon, it causes NULL pointer dereferencing error.
GHSA
GHSA-hwfv-6r5j-7xm3: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in the compound request
This patch valida
ghsa_unreviewed·2025-08-16
CVE-2023-3866 [MEDIUM] CWE-476 GHSA-hwfv-6r5j-7xm3: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in the compound request
This patch valida
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in the compound request
This patch validates session id and tree id in compound request.
If first operation in the compound is SMB2 ECHO request, ksmbd bypasses
session and tree validation. So work->sess and work->tcon could be NULL.
If second request in the compound accesses work->sess or tcon, it causes
NULL pointer dereferencing error.
OSV
linux-starfive-6.2 vulnerabilities
osv·2023-11-28·CVSS 9.8
CVE-2023-25775 [CRITICAL] linux-starfive-6.2 vulnerabilities
Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (syste
OSV
linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-
osv·2023-10-31·CVSS 4.7
[MEDIUM] linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-
linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive vulnerabilities
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)
Chih-Yen Chang discovered that t
OSV
linux-nvidia-6.2 vulnerabilities
osv·2023-10-31·CVSS 7.0
CVE-2022-45886 [HIGH] linux-nvidia-6.2 vulnerabilities
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel
contained a race condition during device removal, leading to a use-after-
free vulnerability. A physically proximate attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-45886, CVE-2022-45919)
Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the
Linux kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2022-45887)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate MFT flags in certain situations. An
attacker could use this to construct a malicious NTFS im
OSV
linux-intel-iotg-5.15 vulnerabilities
osv·2023-10-24·CVSS 5.7
CVE-2023-1206 [MEDIUM] linux-intel-iotg-5.15 vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system
OSV
linux-raspi vulnerabilities
osv·2023-10-19·CVSS 5.7
CVE-2023-1206 [MEDIUM] linux-raspi vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system crash). (
OSV
linux-intel-iotg vulnerabilities
osv·2023-10-19·CVSS 5.7
CVE-2023-1206 [MEDIUM] linux-intel-iotg vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system cras
OSV
linux-hwe-5.15, linux-oracle-5.15 vulnerabilities
osv·2023-10-06·CVSS 5.7
CVE-2023-1206 [MEDIUM] linux-hwe-5.15, linux-oracle-5.15 vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of ser
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15,
osv·2023-10-04·CVSS 5.7
[MEDIUM] linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15,
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle vulnerabilities
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expos
Red Hat
kernel: ksmbd Chained Request NULL Pointer Dereference
vendor_redhat·2024-07-28·CVSS 5.5
CVE-2023-3866 [MEDIUM] CWE-476 kernel: ksmbd Chained Request NULL Pointer Dereference
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in the compound request
This patch validates session id and tree id in compound request.
If first operation in the compound is SMB2 ECHO request, ksmbd bypasses
session and tree validation. So work->sess and work->tcon could be NULL.
If second request in the compound accesses work->sess or tcon, it causes
NULL pointer dereferencing error.
A flaw was found in the Linux kernel in the ksmbd component. The session id and tree id in the compound request are not properly validated. This can result in a NULL pointer dereference issue.
Statement: The ksmbd kernel component is not shipped with any Red Hat Products.
Package: kernel (Red Hat E
Ubuntu
Linux kernel (StarFive) vulnerabilities
vendor_ubuntu·2023-11-28·CVSS 5.6
CVE-2023-38432 [MEDIUM] Linux kernel (StarFive) vulnerabilities
Title: Linux kernel (StarFive) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-10-31·CVSS 4.7
CVE-2023-3772 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate SMB request protocol IDs, leading to a out-of-
bounds read vulnera
Ubuntu
Linux kernel (NVIDIA) vulnerabilities
vendor_ubuntu·2023-10-31·CVSS 7.0
CVE-2023-3772 [HIGH] Linux kernel (NVIDIA) vulnerabilities
Title: Linux kernel (NVIDIA) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel
contained a race condition during device removal, leading to a use-after-
free vulnerability. A physically proximate attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-45886, CVE-2022-45919)
Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the
Linux kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2022-45887)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate MFT flags in c
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2023-10-24·CVSS 5.7
CVE-2023-38432 [MEDIUM] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplie
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2023-10-19·CVSS 5.7
CVE-2023-4273 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-suppl
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2023-10-19·CVSS 5.7
CVE-2023-38432 [MEDIUM] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplie
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-10-06·CVSS 5.7
CVE-2023-4273 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A rem
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-10-04·CVSS 5.7
CVE-2023-4273 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A rem
Debian
CVE-2023-3866: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: vali...
vendor_debian·2023·CVSS 5.5
CVE-2023-3866 [MEDIUM] CVE-2023-3866: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: vali...
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validates session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypasses session and tree validation. So work->sess and work->tcon could be NULL. If second request in the compound accesses work->sess or tcon, it causes NULL pointer dereferencing error.
Scope: local
bookworm: resolved (fixed in 6.1.37-1)
bullseye: resolved
forky: resolved (fixed in 6.3.11-1)
sid: resolved (fixed in 6.3.11-1)
trixie: resolved (fixed in 6.3.11-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.