CVE-2023-52440
published 2024-02-21
Priority P3 · 55 · high · 7.8 CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 36.69% (98.3th percentile)
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
If authblob->SessionKey.Length is bigger than the session key
size (CIFS_KEY_SIZE), a slub overflow can happen in the key exchange code.
cifs_arc4_crypt copies to the session key array from the SessionKey from the client.
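The length validation the description calls for, as an added user-space example that is not the kernel patch or ksmbd code. `struct sec_buf`, `struct session`, `stream_copy` and `decode_session_key` are hypothetical names, the blob is constructed sample data, and the value 40 for `CIFS_KEY_SIZE` is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CIFS_KEY_SIZE 40 /* assumed size of the fixed session key array */

/* Hypothetical stand-in for the SessionKey descriptor in the auth blob. */
struct sec_buf { uint16_t length; uint16_t max_length; uint32_t offset; };

/* Hypothetical session object: the canary models the neighbouring slab data. */
struct session { uint8_t sess_key[CIFS_KEY_SIZE]; uint8_t canary[8]; };

/* Stand-in for cifs_arc4_crypt(): writes exactly len bytes to dst. */
static void stream_copy(uint8_t *dst, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i] ^ 0x5a; /* placeholder transform, not RC4 */
}

/* Validate the client-supplied descriptor before any byte is written. */
int decode_session_key(struct session *s, const uint8_t *blob,
                       size_t blob_len, const struct sec_buf *sk)
{
    size_t off = sk->offset, len = sk->length;

    if (off > blob_len || len > blob_len - off)
        return -EINVAL; /* source range must lie inside the received blob */
    if (len > CIFS_KEY_SIZE)
        return -EINVAL; /* destination is fixed-size: the check this CVE is about */
    stream_copy(s->sess_key, blob + off, len);
    return 0;
}

int main(void)
{
    uint8_t blob[64]; /* constructed sample blob */
    struct session s;
    struct sec_buf too_long = { CIFS_KEY_SIZE + 1, CIFS_KEY_SIZE + 1, 8 };

    memset(blob, 0x11, sizeof(blob));
    memset(&s, 0xAA, sizeof(s));
    printf("oversized key: %d\n", decode_session_key(&s, blob, sizeof(blob), &too_long));
    return 0;
}
```

Both checks run before the copy, so a rejected request leaves the session object and its neighbours untouched.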
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.1.52-1 (bookworm) | linux 6.1.52-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < bd554ed4fdc3d38404a1c43d428432577573e809 | bd554ed4fdc3d38404a1c43d428432577573e809 |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 30fd6521b2fbd9b767e438e31945e5ea3e3a2fba | 30fd6521b2fbd9b767e438e31945e5ea3e3a2fba |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4 | 7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4 |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < ecd7e1c562cb08e41957fcd4b0e404de5ab38e20 | ecd7e1c562cb08e41957fcd4b0e404de5ab38e20 |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 4b081ce0d830b684fdf967abc3696d1261387254 | 4b081ce0d830b684fdf967abc3696d1261387254 |
| linux | linux_kernel | >= 0 < 6.1.52-1 | 6.1.52-1 |
| linux | linux_kernel | >= 0 < 6.5.3-1 | 6.5.3-1 |
| linux | linux_kernel | >= 0 < 6.5.3-1 | 6.5.3-1 |
| linux | linux_kernel | >= 5.17.0 < 6.1.52 | 6.1.52 |
| linux | linux_kernel | >= 6.2.0 < 6.4.15 | 6.4.15 |
| linux | linux_kernel | >= 6.5.0 < 6.5.2 | 6.5.2 |
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv · 7.8 HIGH
vendor_debian · 7.8 HIGH
GHSA
GHSA-gr5c-gf9x-ww6q
ghsa_unreviewed·2024-02-21
CVE-2023-52440 [HIGH] CWE-119 GHSA-gr5c-gf9x-ww6q
OSV
osv·2024-02-21·CVSS 7.8
CVE-2023-52440 [HIGH]
Debian
vendor_debian·2023·CVSS 7.8
CVE-2023-52440 [HIGH] linux
Scope: local
bookworm: resolved (fixed in 6.1.52-1)
bullseye: resolved
forky: resolved (fixed in 6.5.3-1)
sid: resolved (fixed in 6.5.3-1)
trixie: resolved (fixed in 6.5.3-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba
https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254
https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4
https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809
https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20
2024-02-21
Published