Home > Vulnerability Database > CVE-2023-3866

Mend.io Vulnerability Database

CVE-2023-3866

Date: August 16, 2025

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of chained requests. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Language: C

Severity Score

5.5

Related Resources (10)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3866

Url: https://github.com/gregkh/linux/commit/5005bcb4219156f1bf7587b185080ec1da08518e

Url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Url: https://git.kernel.org/stable/c/854156d12caa9d36de1cf5f084591c7686cc8a9d

Url: https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3866.json

Url: https://git.kernel.org/stable/c/d1066c1b3663401cd23c0d6e60cdae750ce00c0f

Url: https://git.kernel.org/stable/c/eb947403518ea3d93f6d89264bb1f5416bb0c7d0

Url: https://www.zerodayinitiative.com/advisories/ZDI-23-979/

Url: https://git.kernel.org/stable/c/5005bcb4219156f1bf7587b185080ec1da08518e

Url: https://www.mend.io/vulnerability-database/CVE-2023-3866

Severity Score

5.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3866

Date: August 16, 2025

Language: C

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?