CVE-2023-39179

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-39179

Severity

7.5

High

CVSS V3

Description

A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

References

https://images.chainguard.dev/security/CGA-9677-gvjc-296r
https://github.com/advisories/GHSA-jq6r-jfg5-r4xg
https://images.chainguard.dev/security/CGA-29rf-5hj4-qmx3
https://images.chainguard.dev/security/CGA-5hjv-gphv-xfx9
https://images.chainguard.dev/security/CGA-qxpg-75x9-92cj
https://images.chainguard.dev/security/CGA-gj5g-m26q-9p5r
https://images.chainguard.dev/security/CGA-4cqm-m3h3-fqp7
https://images.chainguard.dev/security/CGA-84rj-494w-wpfh
https://images.chainguard.dev/security/CGA-c43v-m2j3-94vh
https://images.chainguard.dev/security/CGA-7wrf-hh5r-c558
https://access.redhat.com/security/cve/CVE-2023-39179
https://bugzilla.redhat.com/show_bug.cgi?id=2326529
https://www.zerodayinitiative.com/advisories/ZDI-24-586/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2023-39179

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company