ГлавнаяУязвимости → CVE-2023-52441
7.8высокая

CVE-2023-52441

→ есть в БДУ: BDU:2024-01676 (на русском)
Описание (на английском; русское — в БДУ выше)

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in init_smb2_rsp_hdr() If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.

Затрагиваемое ПО
Linux Linux kernel
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bchttps://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452bhttps://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40bhttps://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895fhttps://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bchttps://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452bhttps://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40bhttps://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f