high
8.4
CWE
787
EPSS
0.128%
Advisory Published
Updated

CVE-2023-52755: ksmbd: fix slab out of bounds write in smb_inherit_dacl()

First published: Tue May 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl() slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=5.15<5.15.140
Linux Kernel>=5.16<6.1.64
Linux Kernel>=6.2<6.5.13
Linux Kernel>=6.6<6.6.3

Remedy

https://git.kernel.org/stable/c/09d9d8b40a3338193619c14ed4dc040f4f119e70

Remedy

https://git.kernel.org/stable/c/712e01f32e577e7e48ab0adb5fe550646a3d93cb

Remedy

https://git.kernel.org/stable/c/8387c94d73ec66eb597c7a23a8d9eadf64bfbafa

Remedy

https://git.kernel.org/stable/c/aaf0a07d60887d6c36fc46a24de0083744f07819

Remedy

https://git.kernel.org/stable/c/eebff19acaa35820cb09ce2ccb3d21bee2156ffb

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2023-52755?

    The severity of CVE-2023-52755 is categorized as medium due to the potential for out-of-bounds memory access in the kSMBD component.

  • How do I fix CVE-2023-52755?

    To fix CVE-2023-52755, upgrade your Linux kernel to versions 5.15.140, 6.1.64, or any version from 6.2 to 6.6.3 or later.

  • Who is affected by CVE-2023-52755?

    CVE-2023-52755 affects users running specific versions of the Linux kernel, particularly those between 5.15 and 6.6.3.

  • What type of vulnerability is CVE-2023-52755?

    CVE-2023-52755 is a memory corruption vulnerability related to slab out-of-bounds write in the Linux kernel.

  • When was CVE-2023-52755 resolved?

    CVE-2023-52755 was resolved with a patch released in the Linux kernel after the discovery of the vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203