1. Home
  2. Vulnerabilities
  3. CVE-2023-1194

CVE-2023-1194

CVSS v3.1 8.1 (High)
81% Progress
EPSS 0.07 % (30th)
0.07% Progress
Affected Products 2
Advisories 2
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse_lease_state() function, the create_context object can access invalid memory.

Weaknesses
CWE-125
Out-of-bounds Read
CWE-416
Use After Free
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Red Hat, Inc.
Published Date
2023-11-03 08:15:07
(10 months ago)
Updated Date
2024-08-21 18:20:30
(3 weeks ago)

Affected Products

Fedoraproject

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 5.15 version and prior 5.15.145 version cpe:2.3:o:linux:linux_kernel >= 5.15 < 5.15.145
  Linux Kernel from 5.16 version and prior 6.1.34 version cpe:2.3:o:linux:linux_kernel >= 5.16 < 6.1.34
  Linux Kernel from 6.2 version and prior 6.3.8 version cpe:2.3:o:linux:linux_kernel >= 6.2 < 6.3.8
  Linux Kernel 6.4 Rc1 cpe:2.3:o:linux:linux_kernel:6.4:rc1
  Linux Kernel 6.4 Rc2 cpe:2.3:o:linux:linux_kernel:6.4:rc2
  Linux Kernel 6.4 Rc3 cpe:2.3:o:linux:linux_kernel:6.4:rc3
  Linux Kernel 6.4 Rc4 cpe:2.3:o:linux:linux_kernel:6.4:rc4
  Linux Kernel 6.4 Rc5 cpe:2.3:o:linux:linux_kernel:6.4:rc5

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 37 cpe:2.3:o:fedoraproject:fedora:37