CVE-2023-4458

Sažetak

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

Reference

https://access.redhat.com/security/cve/CVE-2023-4458
https://bugzilla.redhat.com/show_bug.cgi?id=2325516
https://www.zerodayinitiative.com/advisories/ZDI-24-590/

CVSS

Base:	4.0
Impact:	1.4
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Zadnje važnije ažuriranje

14-11-2024 - 12:15

Objavljeno

14-11-2024 - 12:15