First published: Tue Jul 18 2023
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <6.3.10 | |
Linux Kernel | >=5.15, <5.15.121 | |
Linux Kernel | >=5.16, <6.1.36 | |
Linux Kernel | >=6.2, <6.3.10 | |
NetApp SolidFire & HCI Storage Node | ||
NetApp H300S Firmware | ||
NetApp H410S Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
CVE-2023-38432 is classified as a medium severity vulnerability due to its potential to lead to out-of-bounds reads in the Linux kernel.
To address CVE-2023-38432, upgrade to Linux kernel versions 6.3.10 or later, or apply available patches from your distribution.
CVE-2023-38432 affects Linux kernel versions before 6.3.10 (5.15 before 5.15.121, 5.16 up to but not including 6.1.36, and 6.2 before 6.3.10), as well as several NetApp appliances.
If your Linux kernel version is 6.3.10 or above, you are not vulnerable to CVE-2023-38432.
CVE-2023-38432 is an out-of-bounds read resulting from improper validation of command payload sizes against the RFC1002 length in ksmbd, the kernel's SMB server implementation.
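The kind of check the description says was missing, as an added example (not code from this advisory or from ksmbd): a validator that ties a command's declared payload size to the RFC1002 frame length and to the bytes actually received. The message layout, `validate_payload` and the sample messages are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified layout for illustration (not ksmbd's structures):
 *   [0]    RFC1002 message type
 *   [1..3] RFC1002 length, 24-bit big-endian: bytes following this header
 *   [4..5] payload offset, little-endian, counted from byte 4
 *   [6..9] payload length, little-endian                                  */
#define RFC1002_HDR 4u
#define FIXED_PART  6u /* offset field + length field */

/* Returns 0 only when the payload lies wholly inside the RFC1002 frame
 * and the frame lies wholly inside the bytes actually received. */
int validate_payload(const uint8_t *b, size_t received)
{
    uint32_t frame, off, len;

    if (received < RFC1002_HDR + FIXED_PART)
        return -1;                      /* too short to parse the fields */
    frame = ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
    if (frame < FIXED_PART || frame > received - RFC1002_HDR)
        return -1;                      /* frame claims more than was read */
    off = b[4] | ((uint32_t)b[5] << 8);
    len = b[6] | ((uint32_t)b[7] << 8) | ((uint32_t)b[8] << 16) |
          ((uint32_t)b[9] << 24);
    if (off < FIXED_PART || off > frame)
        return -1;                      /* payload starts outside the frame */
    if (len > frame - off)
        return -1;                      /* compare by subtraction: no overflow */
    return 0;
}

/* Constructed samples: frame length 10, fixed part, then 4 payload bytes. */
const uint8_t msg_ok[]  = {0, 0,0,10, 6,0, 4,0,0,0, 'd','a','t','a'};
/* Same frame, but the payload length field claims 0x400 bytes. */
const uint8_t msg_bad[] = {0, 0,0,10, 6,0, 0,4,0,0, 'd','a','t','a'};

int main(void)
{
    printf("ok=%d bad=%d\n", validate_payload(msg_ok, sizeof msg_ok),
           validate_payload(msg_bad, sizeof msg_bad));
    return 0;
}
```

Without the `len > frame - off` comparison, a parser that trusted the length field in `msg_bad` would read past the end of the received message.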