ZDI-CAN-21165: Linux Kernel ksmbd Chained Request NULL Pointer Dereference Denial-of-Service Vulnerability
First published: Thu Jul 20 2023(Updated: )
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of chained requests. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
| Affected Software | Affected Version | How to fix |
|---|---|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Linux Kernel vulnerability?
The vulnerability ID for this Linux Kernel vulnerability is ZDI-CAN-21165.
What is the severity of ZDI-CAN-21165?
The severity of ZDI-CAN-21165 is medium with a severity value of 5.9.
Which software is affected by ZDI-CAN-21165?
The Linux Kernel is affected by ZDI-CAN-21165.
Is authentication required to exploit ZDI-CAN-21165?
No, authentication is not required to exploit ZDI-CAN-21165.
How can I fix ZDI-CAN-21165?
There is no known fix for ZDI-CAN-21165 at the moment. It is recommended to follow the vendor's advisory for any updates or patches.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-979
- alias/ZDI-CAN-21165
- alias/CVE-2023-3866
- agent/software-canonical-lookup
- collector/zdi-published
- vendor/linux
- canonical/linux kernel