Kernel: out-of-bounds read vulnerability in smbcalcsize
CVE-2023-6606

7.1HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat Enterprise Linux 9
Vendor
CVE Published:
8 December 2023
đź”” Create Red Hat Vulnerability Alert

What is CVE-2023-6606?

An out-of-bounds read vulnerability was identified in the smbCalcSize function within the Linux Kernel. This flaw may allow a local attacker to exploit the system, potentially resulting in a crash or the unauthorized disclosure of sensitive internal kernel information. Proper mitigation strategies are essential to prevent exploitation of this vulnerability in affected systems.

Affected Version(s)

Red Hat Enterprise Linux 8 0:4.18.0-513.18.1.rt7.320.el8_9

Red Hat Enterprise Linux 8 0:4.18.0-513.18.1.el8_9

Red Hat Enterprise Linux 8.6 Extended Update Support 0:4.18.0-372.95.1.el8_6

References

https://access.redhat.com/errata/RHSA-2024:0723
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0725
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0881
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.