Buffer Length Validation Error in Linux Kernel's ksmbd Related to SMB2 File Operations
CVE-2023-4130

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 16 August 2025

What is CVE-2023-4130?

The ksmbd component of the Linux kernel does not properly validate the next-entry length in a file's extended attribute (EA) buffer during SMB2 file operations. The issue arises when a FILE_FULL_EA_INFORMATION request contains multiple smb2_ea_info buffers: the buffer length is not adequately validated before the subsequent entry is accessed, which can lead to improper memory access and potential exploitation. Each entry must be checked against the buffer length, taking into account the offsets derived from previous entries, before it is read.
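The checks described above, as an added example that is not the kernel's code or the upstream patch: a userspace C model that walks a chain of EA entries and refuses any entry that would extend past the buffer. The entry layout follows the MS-FSCC FILE_FULL_EA_INFORMATION structure; `ea_count_checked`, `sample_ok` and the rejection of overlapping entries are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed part of one entry (MS-FSCC FILE_FULL_EA_INFORMATION layout):
 * NextEntryOffset(4, LE) Flags(1) EaNameLength(1) EaValueLength(2, LE),
 * then EaName, a NUL terminator, and EaValue. */
#define EA_HDR_LEN 8u

static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the chain; return the entry count, or -1 as soon as any entry
 * (header or name/value payload) would extend past buf_len. */
int ea_count_checked(const uint8_t *buf, size_t buf_len)
{
    size_t off = 0;                      /* invariant: off <= buf_len */
    int n = 0;

    for (;;) {
        size_t left = buf_len - off;
        if (left < EA_HDR_LEN)           /* check BEFORE touching the header */
            return -1;
        const uint8_t *e = buf + off;
        uint32_t next = rd32(e);
        size_t need = EA_HDR_LEN + e[5] + 1u + (e[6] | (size_t)e[7] << 8);
        if (need > left)                 /* name + NUL + value must fit too */
            return -1;
        n++;
        if (next == 0)                   /* last entry in the chain */
            return n;
        if (next < need || next > left)  /* no overlap, no jump out of buffer */
            return -1;
        off += next;
    }
}

/* Constructed sample: two entries ("ab"="xy", then "c"="z"), 27 bytes. */
static const uint8_t sample_ok[27] = {
    16,0,0,0, 0, 2, 2,0, 'a','b',0, 'x','y', 0,0,0,
    0,0,0,0,  0, 1, 1,0, 'c',0, 'z'
};

int main(void)
{
    printf("full=%d truncated=%d\n", ea_count_checked(sample_ok, sizeof sample_ok),
           ea_count_checked(sample_ok, 20));
    return 0;
}
```

The truncated call models the case from the description: the first entry is valid and points at a second entry whose header lies partly outside the buffer, so the walk stops before reading it.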

Affected Version(s)

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf

Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 4bf629262f9118ee91b1c3a518ebf2b3bcb22180

Timeline

  • Vulnerability published

  • Vulnerability Reserved
