A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 14 Nov 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability | Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability |
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
|
References |
|
Thu, 14 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. |
References |
|
Wed, 13 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability | |
Weaknesses | CWE-125 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: fedora
Published: 2024-11-14T12:09:13.182Z
Updated: 2024-11-14T19:33:07.493Z
Reserved: 2023-08-21T14:33:34.575Z
Link: CVE-2023-4458
Vulnrichment
Updated: 2024-11-14T18:54:25.188Z
NVD
Status : Awaiting Analysis
Published: 2024-11-14T12:15:17.487
Modified: 2024-11-15T13:58:08.913
Link: CVE-2023-4458
Redhat