CVE-2023-38426

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Jul 18, 2023

Updated: Dec 22, 2023

CWE ID 125

Summary

CVE-2023-38426 is a vulnerability affecting Linux kernels prior to version 6.3.4. This issue resides in the ksmbd component of the SMB (Server Message Block) subsystem. Specifically, an out-of-bounds read error is identified within the function smb2_find_context_vals during the execution of create_context. When the name_len parameter exceeds the tag length, ksmbd encounters this issue, potentially leading to security implications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sB0Sbl
https://www.cve.org/CVERecord?id=CVE-2023-38426
https://nvd.nist.gov/vuln/detail/CVE-2023-38426

Back to Vulnerability Database