cbcvebase.
CVE-2023-52440
published 2024-02-21

CVE-2023-52440: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length…

PriorityP355high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
36.69%
98.3th percentile
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from SessionKey from client.

Affected

13 ranges
VendorProductVersion rangeFixed in
debianlinux< linux 6.1.52-1 (bookworm)linux 6.1.52-1 (bookworm)
linuxlinux
linuxlinux>= 0626e6641f6b467447c81dd7678a69c66f7746cf < bd554ed4fdc3d38404a1c43d428432577573e809bd554ed4fdc3d38404a1c43d428432577573e809
linuxlinux>= 0626e6641f6b467447c81dd7678a69c66f7746cf < 30fd6521b2fbd9b767e438e31945e5ea3e3a2fba30fd6521b2fbd9b767e438e31945e5ea3e3a2fba
linuxlinux>= 0626e6641f6b467447c81dd7678a69c66f7746cf < 7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c47f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4
linuxlinux>= 0626e6641f6b467447c81dd7678a69c66f7746cf < ecd7e1c562cb08e41957fcd4b0e404de5ab38e20ecd7e1c562cb08e41957fcd4b0e404de5ab38e20
linuxlinux>= 0626e6641f6b467447c81dd7678a69c66f7746cf < 4b081ce0d830b684fdf967abc3696d12613872544b081ce0d830b684fdf967abc3696d1261387254
linuxlinux_kernel>= 0 < 6.1.52-16.1.52-1
linuxlinux_kernel>= 0 < 6.5.3-16.5.3-1
linuxlinux_kernel>= 0 < 6.5.3-16.5.3-1
linuxlinux_kernel>= 5.17.0 < 6.1.526.1.52
linuxlinux_kernel>= 6.2.0 < 6.4.156.4.15
linuxlinux_kernel>= 6.5.0 < 6.5.26.5.2

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
vendor_debian7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.