CVE-2023-4515
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate command request size
In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except for SMB2_OPLOCK_BREAK_HE command, the request size of other commands is not checked, it's not expected. Fix it by add check for request size of other commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 35f450f54dca1519bb24faacd0428db09f89a11f < 595679098bdcdbfbba91ebe07a2f7f208df93870 | affected |
| Linux | Linux | 9650cf70ec9d94ff34daa088b643229231723c26 < c6bef3bc30fd4a175aef846b7d928a6c40d091cd | affected |
| Linux | Linux | 2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d < ff7236b66d69582f90cf5616e63cfc3dc18142bb | affected |
| Linux | Linux | 2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d < 5aa4fda5aa9c2a5a7bac67b4a12b089ab81fee3c | affected |
| Linux | Linux | 768caf4019f0391c0b6452afe34cea1704133f7b | affected |
| Linux | Linux | 5.15.121 < 5.15.127 | affected |
| Linux | Linux | 6.1.36 < 6.1.46 | affected |
| Linux | Linux | 6.3.10 < 6.4 | affected |
| Linux | Linux | 6.4 | affected |
| Linux | Linux | 0 < 6.4 | unaffected |
| Linux | Linux | 5.15.127 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.46 <= 6.1.* | unaffected |
| Linux | Linux | 6.4.11 <= 6.4.* | unaffected |
| Linux | Linux | 6.5 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/595679098bdcdbfbba91ebe07a2f7f208df93870
- https://git.kernel.org/stable/c/c6bef3bc30fd4a175aef846b7d928a6c40d091cd
- https://git.kernel.org/stable/c/ff7236b66d69582f90cf5616e63cfc3dc18142bb
- https://git.kernel.org/stable/c/5aa4fda5aa9c2a5a7bac67b4a12b089ab81fee3c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.