CVE-2023-52442
Published 2024-02-21
CVE-2023-52442: In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in…
Priority P336 · medium · 5.5 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 17.44% (96.7th percentile)
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in compound request
`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()
will always return the first request smb2 header in a compound request.
If `SMB2_TREE_CONNECT_HE` is the first command in a compound request, it will
return 0, i.e. the tree id check is skipped.
This patch uses ksmbd_req_buf_next() to get the current command in the compound.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.1.55-1 (bookworm) | linux 6.1.55-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 017d85c94f02090a87f4a473dbe0d6ee0da72693 | 017d85c94f02090a87f4a473dbe0d6ee0da72693 |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < becb5191d1d5fdfca0198a2e37457bbbf4fe266f | becb5191d1d5fdfca0198a2e37457bbbf4fe266f |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 4c2b350b2e269e3fd17bbfa42de1b42775b777ac | 4c2b350b2e269e3fd17bbfa42de1b42775b777ac |
| linux | linux | >= 0626e6641f6b467447c81dd7678a69c66f7746cf < 3df0411e132ee74a87aa13142dfd2b190275332e | 3df0411e132ee74a87aa13142dfd2b190275332e |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.55-1 | 6.1.55-1 |
| linux | linux_kernel | >= 0 < 6.5.3-1 | 6.5.3-1 |
| linux | linux_kernel | >= 0 < 6.5.3-1 | 6.5.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-102.112 | 5.15.0-102.112 |
| linux | linux_kernel | >= 5.15 < 5.15.145 | 5.15.145 |
| linux | linux_kernel | >= 5.16 < 6.1.53 | 6.1.53 |
| linux | linux_kernel | >= 6.2 < 6.4.16 | 6.4.16 |
CVSS provenance
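| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 8.1 | HIGH | — |
| vendor_ubuntu | — | 7.1 | HIGH | — |
| vendor_debian | — | 5.5 | MEDIUM | — |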
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2024-04-16·CVSS 7.1
CVE-2023-38427 [HIGH] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate certain data structure fields when parsing lease
contexts, leading to an out-of-bounds read vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2023-1194)
Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A remote attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)
It was discovered that a race condition existed in the KSMBD imple
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-04-09·CVSS 7.1
CVE-2023-38427 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Debian
CVE-2023-52442: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: vali...
vendor_debian·2023·CVSS 5.5
CVE-2023-52442 [MEDIUM] CVE-2023-52442: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: vali...
Scope: local
bookworm: resolved (fixed in 6.1.55-1)
bullseye: resolved
forky: resolved (fixed in 6.5.3-1)
sid: resolved (fixed in 6.5.3-1)
trixie: resolved (fixed in 6.5.3-1)
OSV
linux-aws, linux-aws-5.15 vulnerabilities
osv·2024-04-16·CVSS 8.1
CVE-2023-1194 [HIGH] linux-aws, linux-aws-5.15 vulnerabilities
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate certain data structure fields when parsing lease
contexts, leading to an out-of-bounds read vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2023-1194)
Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A remote attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)
It was discovered that a race condition existed in the KSMBD implementation
in the Linux kernel when handling session connections, l
OSV
linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel
osv·2024-04-09·CVSS 8.1
[HIGH] linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel
linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
GHSA
GHSA-5wjx-fx3x-22c6: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in compound request
`smb2_get_msg()` in s
ghsa_unreviewed·2024-02-21
CVE-2023-52442 [MEDIUM] GHSA-5wjx-fx3x-22c6: In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in compound request
`smb2_get_msg()` in s
OSV
CVE-2023-52442: In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb
osv·2024-02-21·CVSS 5.5
CVE-2023-52442 [MEDIUM] CVE-2023-52442: In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693
https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e
https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac
https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f
Published: 2024-02-21