Home > Vulnerability Database > CVE-2023-3867

Mend.io Vulnerability Database

CVE-2023-3867

Date: August 16, 2025

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of session setup commands. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel.

Language: C

Severity Score

7.3

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3867

Url: https://git.kernel.org/stable/c/ef572ffa8eb44111eed2925fbb2adca78bdcbf61

Url: https://git.kernel.org/stable/c/2ba03cecb12ac7ac9e0170e251543c56832d9959

Url: https://www.zerodayinitiative.com/advisories/ZDI-23-981/

Url: https://git.kernel.org/stable/c/98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8

Url: https://github.com/gregkh/linux/commit/7b7d709ef7cf285309157fb94c33f625dd22c5e1

Url: https://git.kernel.org/stable/c/676392184785ace61e939831e7ca44a03d438c3b

Url: https://www.mend.io/vulnerability-database/CVE-2023-3867

Severity Score

7.3

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3867

Date: August 16, 2025

Language: C

Severity Score

Related Resources (8)

Severity Score

CVSS v3.1

Do you need more information?