Home > Vulnerability Database > CVE-2023-3867

Mend.io Vulnerability Database

CVE-2023-3867

Good to know:

Date: July 24, 2023

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of session setup commands. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel.

Language: C

Severity Score

7.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3867

Url: https://www.zerodayinitiative.com/advisories/ZDI-23-981/

Url: https://github.com/gregkh/linux/commit/7b7d709ef7cf285309157fb94c33f625dd22c5e1

Url: https://www.mend.io/vulnerability-database/CVE-2023-3867

Severity Score

7.3

Top Fix

Upgrade Version

Upgrade to version v6.1.40,v6.4.5,v6.5-rc1

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3867

Good to know:

Date: July 24, 2023

Language: C

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?