Home > Vulnerability Database > CVE-2023-52442

Mend.io Vulnerability Database

CVE-2023-52442

Good to know:

Date: February 21, 2024

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_TREE_CONNECT_HE` is the first command in compound request, will return 0, i.e. The tree id check is skipped. This patch use ksmbd_req_buf_next() to get current command in compound.

Language: C

Severity Score

5.5

Related Resources (7)

Url: http://www.openwall.com/lists/oss-security/2024/03/18/2

Url: https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-52442

Url: https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac

Url: https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f

Url: https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e

Url: https://www.mend.io/vulnerability-database/CVE-2023-52442

Severity Score

5.5

Top Fix

Upgrade Version

Upgrade to version v5.15.145,v6.1.53,v6.4.16

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-52442

Good to know:

Date: February 21, 2024

Language: C

Severity Score

Related Resources (7)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?