Use-after-free in parse_lease_state()
CVE-2023-1194
CVSS 8.1 (HIGH)
Summary
A flaw exists in KSMBD, the in-kernel Samba server, where an out-of-bounds memory read can occur due to inadequate validation of input data. An attacker can trigger the flaw in the parse_lease_state function by sending a malformed CREATE command, causing the server to read invalid memory. This flaw poses significant security risk to systems relying on KSMBD for CIFS functionality; patching and mitigation should be applied promptly.
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Credit
Red Hat would like to thank Pumpkin (@u1f383) (DEVCORE Internship Program, and NYCU Software Security LAB) for reporting this issue.