CVE-2023-39176

Sažetak

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

Reference

https://access.redhat.com/security/cve/CVE-2023-39176
https://bugzilla.redhat.com/show_bug.cgi?id=2326503
https://www.zerodayinitiative.com/advisories/ZDI-24-586/

CVSS

Base:	5.8
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Zadnje važnije ažuriranje

18-11-2024 - 17:11

Objavljeno

18-11-2024 - 10:15