CVE-2023-54250Linux vulnerability

7 documents6 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decode_preauth_ctxt() Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within the SMB request boundary; deassemble_neg_contexts() only checks that the eight byte smb2_neg_context header + (client controlled) DataLength are within the packet boundary, which is insufficient. Checking for sizeof(struct smb2_preauth_neg_context) is overkill given that the type currently assumes

Affected Packages4 packages

Linuxlinux/linux_kernel5.15.05.15.145+2
Debianlinux/linux_kernel< 6.1.25-1+2
CVEListV5linux/linuxe2f34481b24db2fd634b5edb0a5bd0e4d38cc6e939f5b4b313b445c980a2a295bed28228c29228ed+4
debiandebian/linux< linux 6.1.25-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54250: In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decode_preauth_ctxt() Confirm that the access2025-12-30
OSV
ksmbd: avoid out of bounds access in decode_preauth_ctxt()2025-12-30
GHSA
GHSA-f39w-x49r-j8p2: In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decode_preauth_ctxt() Confirm that the acce2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: ksmbd: avoid out of bounds access in decode_preauth_ctxt()2025-12-30
Debian
CVE-2023-54250: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoi...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54250 Impact, Exploitability, and Mitigation Steps | Wiz