Out of Bounds Read Vulnerability in Linux Kernel ksmbd Component
CVE-2023-3867
Currently unrated
What is CVE-2023-3867?
A vulnerability exists in the Linux kernel's ksmbd component, in its handling of SMB2 session setup within compound requests. When the second payload of a compound request is processed, an out-of-bounds read may occur while handling the first payload in the smb2_sess_setup() function. The flaw can potentially expose sensitive information or lead to unexpected system behavior, which makes timely updates and security patches important.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 676392184785ace61e939831e7ca44a03d438c3b
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2ba03cecb12ac7ac9e0170e251543c56832d9959