A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
History

Thu, 14 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 12:15:00 +0000

Type Values Removed Values Added
Title kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Thu, 14 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
References

Wed, 13 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability
Weaknesses CWE-125
References
Metrics threat_severity

None

cvssV3_1

{'score': 4.0, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-11-14T12:09:13.182Z

Updated: 2024-11-14T19:33:07.493Z

Reserved: 2023-08-21T14:33:34.575Z

Link: CVE-2023-4458

cve-icon Vulnrichment

Updated: 2024-11-14T18:54:25.188Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-14T12:15:17.487

Modified: 2024-11-15T13:58:08.913

Link: CVE-2023-4458

cve-icon Redhat

Severity : Low

Publid Date: 2024-06-10T00:00:00Z

Links: CVE-2023-4458 - Bugzilla