First published: Tue Jul 18 2023(Updated: )
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <6.3.9 | |
Linux Kernel | >=5.15<5.15.145 | |
Linux Kernel | >=5.16<6.1.35 | |
Linux Kernel | >=6.2<6.3.9 | |
NetApp SolidFire & HCI Management Node | ||
NetApp H300S Firmware | ||
NetApp H410S Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-38430 is classified as a high severity vulnerability due to its potential for exploitation via out-of-bounds read in the Linux kernel.
To fix CVE-2023-38430, users should upgrade to Linux kernel versions 6.3.10 or later, or apply the available patches.
CVE-2023-38430 affects various versions of the Linux kernel, specifically those before 6.3.9, along with certain NetApp hardware devices.
Attackers could exploit CVE-2023-38430 to perform out-of-bounds reads, potentially leading to information disclosure.
CVE-2023-38430 was last updated on 29 November 2024.