Main Vulnerability Database SB20240620144

SB20240620144 - Out-of-bounds read in Linux kernel

Published: June 20, 2024

Security Bulletin ID SB20240620144

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2023-1194)

The vulnerability allows a remote user to read data or crash the application.

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2154176
https://www.spinics.net/lists/stable-commits/msg303065.html
https://access.redhat.com/security/cve/CVE-2023-1194
https://security.netapp.com/advisory/ntap-20231221-0006/