CVE-2023-52441

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out of bounds in init_smb2_rsp_hdr()

If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40baffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 330d900620dfc9893011d725b3620cd2ee0bc2bcaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < aa669ef229ae8dd779da9caa24e254964545895faffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 536bb492d39bb6c080c92f31e8a55fe9934f452baffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.145 <= 5.15.*unaffected
LinuxLinux6.1.53 <= 6.1.*unaffected
LinuxLinux6.4.16 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References