First published: Wed May 17 2023(Updated: )
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Affected Software | Affected Version | How to fix |
---|---|---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this Linux Kernel vulnerability is ZDI-23-696.
The severity level of the ZDI-23-696 vulnerability is high (7).
Remote attackers can create a denial-of-service condition on affected installations of Linux Kernel by exploiting the ZDI-23-696 vulnerability.
No, authentication is not required to exploit the ZDI-23-696 vulnerability, but only systems with ksmbd enabled are vulnerable.
You can find more information about the ZDI-23-696 vulnerability at the following references: [ZDI-23-696](http://www.zerodayinitiative.com/advisories/ZDI-23-696/), [Linux Kernel Commit](https://github.com/torvalds/linux/commit/3ac00a2ab69b34189942afa9e862d5170cdcb018), [ZDI-CAN-20479](https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/).