An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 | Release Notes |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f | Patch |
https://security.netapp.com/advisory/ntap-20230831-0001/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
15 Dec 2023, 15:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CPE | cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
27 Jul 2023, 16:09
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 - Release Notes | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f - Patch | |
CWE | CWE-125 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
18 Jul 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-18 00:15
Updated : 2024-10-15 19:35
NVD link : CVE-2023-38428
Mitre link : CVE-2023-38428
CVE.ORG link : CVE-2023-38428
JSON object : View
Products Affected
netapp
- h300s
- solidfire_\&_hci_management_node
- solidfire_\&_hci_storage_node
- h500s
- h700s
- h410s
linux
- linux_kernel
CWE
CWE-125
Out-of-bounds Read