Linux Kernel Vulnerability Affecting ksmbd by Performance Engineering
CVE-2023-3866
Currently unrated
What is CVE-2023-3866?
A vulnerability exists in the ksmbd component of the Linux kernel that can lead to NULL pointer dereferencing due to inadequate validation of session and tree IDs in compound requests. Specifically, when the first operation in a compound request is an SMB2 ECHO request, ksmbd allows the bypassing of essential validations. This flaw can result in work->sess and work->tcon being NULL. Subsequent requests that attempt to access these NULL pointers may cause critical errors, potentially leading to system instability or data breaches.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 854156d12caa9d36de1cf5f084591c7686cc8a9d
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2