In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
If authblob->SessionKey.Length is bigger than session key
size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.
cifs_arc4_crypt copy to session key array from SessionKey from client.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-02-21T07:21:00.438Z
Updated: 2024-12-19T08:19:32.433Z
Reserved: 2024-02-20T12:30:33.291Z
Link: CVE-2023-52440
Vulnrichment
Updated: 2024-08-02T22:55:41.777Z
NVD
Status : Modified
Published: 2024-02-21T08:15:45.203
Modified: 2024-11-21T08:39:45.973
Link: CVE-2023-52440
Redhat
No data.