June 11, 2024
Rewterz

Multiple Linux Kernel Zero-Day Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-39176 CVSS:5.8

Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the parsing of SMB2 requests that have a transform header. By sending a specially crafted request, an attacker could exploit this vulnerability to read past the end of an allocated buffer, and use this information to launch further attacks against the affected system.

CVE-2023-39179 CVSS:7.5

Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the handling of SMB2 read requests. By sending a specially crafted request, an attacker could exploit this vulnerability to read past the end of an allocated buffer, and use this information to launch further attacks against the affected system.

CVE-2023-39180 CVSS:4

Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the handling of SMB2_READ commands. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-4458 CVSS:4

Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the parsing of extended attributes in ksmbd smb2_open. By sending a specially crafted request, an attacker could exploit this vulnerability to read past the end of an allocated buffer, and use this information to launch further attacks against the affected system.
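Out-of-bounds reads of this kind typically arise when a length taken from the request is used without comparing it to the bytes actually received. The following is an added example, not kernel or ksmbd code and not the upstream fix: it validates an SMB2 transform header (the structure named under CVE-2023-39176) before any payload access. The function names, status codes and the constructed sample PDU are hypothetical; the field offsets follow the MS-SMB2 TRANSFORM_HEADER layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SMB2 TRANSFORM_HEADER (MS-SMB2): 52 bytes, little-endian fields. */
#define XFORM_HDR_LEN       52u
#define XFORM_PROTO_ID      0x424D53FDu /* bytes 0xFD 'S' 'M' 'B' */
#define XFORM_OFF_ORIG_SIZE 36u         /* OriginalMessageSize field */
enum xform_status { XFORM_OK, XFORM_TOO_SHORT, XFORM_BAD_MAGIC, XFORM_BAD_LENGTH };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: validate a received PDU before any payload access.
 * pdu_len is the number of bytes actually received, never a header field. */
enum xform_status check_transform_pdu(const uint8_t *pdu, size_t pdu_len,
                                      size_t *payload_len)
{
    if (pdu_len < XFORM_HDR_LEN) return XFORM_TOO_SHORT; /* header incomplete */
    if (le32(pdu) != XFORM_PROTO_ID) return XFORM_BAD_MAGIC;
    uint32_t claimed = le32(pdu + XFORM_OFF_ORIG_SIZE);
    /* The sender-controlled length must fit in what follows the header.
     * Without this comparison, reading `claimed` bytes runs past the buffer. */
    if (claimed == 0 || claimed > pdu_len - XFORM_HDR_LEN) return XFORM_BAD_LENGTH;
    *payload_len = claimed;
    return XFORM_OK;
}

/* Constructed sample: header claims `claimed` bytes, `actual` bytes follow.
 * The caller provides at least XFORM_HDR_LEN + actual bytes in `out`. */
size_t build_sample(uint8_t *out, uint32_t claimed, size_t actual)
{
    static const uint8_t magic[4] = { 0xFD, 'S', 'M', 'B' };
    memset(out, 0, XFORM_HDR_LEN + actual);
    memcpy(out, magic, sizeof(magic));
    for (int i = 0; i < 4; i++) out[XFORM_OFF_ORIG_SIZE + i] = (uint8_t)(claimed >> (8 * i));
    return XFORM_HDR_LEN + actual;
}

int main(void)
{
    uint8_t buf[128];
    size_t n = 0, len = build_sample(buf, 4096, 16); /* claims 4096, sends 16 */
    printf("status=%d (XFORM_BAD_LENGTH=%d)\n", (int)check_transform_pdu(buf, len, &n), (int)XFORM_BAD_LENGTH);
    return 0;
}
```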

Impact

  • Denial of Service
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2023-39176
  • CVE-2023-39179
  • CVE-2023-39180
  • CVE-2023-4458

Affected Vendors

Linux

Affected Products

  • Linux Kernel

Remediation

Refer to the lore.kernel.org website for patch, upgrade, or suggested workaround information.

CVE-2023-39176

CVE-2023-39179

CVE-2023-39180

CVE-2023-4458