SMB Command Request Size Validation Flaw in Linux Kernel
CVE-2023-4515
Currently unrated
What is CVE-2023-4515?
A vulnerability in the Linux kernel's ksmbd component, the in-kernel SMB server, affects the validation of command request sizes. The request size was not properly checked for most commands, so a request whose size did not match what the command handler expected could still be processed. The issue was resolved by adding request-size checks for commands, ensuring that only requests of valid, expected size are processed. Without this validation, processing such requests could lead to undefined behavior or exploitation on systems running vulnerable kernel versions.
Affected Version(s)
Linux 35f450f54dca1519bb24faacd0428db09f89a11f < 595679098bdcdbfbba91ebe07a2f7f208df93870
Linux 9650cf70ec9d94ff34daa088b643229231723c26
Linux 2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d