CVE-2023-52440 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-52440

CVE-2023-52440

February 21, 2024

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from SessionKey from client.

Related Resources (9)

https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20

https://nvd.nist.gov/vuln/detail/CVE-2023-52440

https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba

https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809

https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254

http://www.openwall.com/lists/oss-security/2024/03/18/2

https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4

https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52440.json

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

EPSS

Base Score:

0.46

Products

Solutions

Resources

Company

Compare

Developer Tools