A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
Fixes

Solution

No solution given by the vendor.


Workaround

The vulnerability is most commonly associated with the "acl_xattr" module and can be mitigated by setting: ~~~ "acl_xattr:ignore system acls = no" ~~~

History

Sat, 30 Aug 2025 07:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00476}

epss

{'score': 0.00409}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T06:03:45.905Z

Reserved: 2023-08-02T09:43:21.439Z

Link: CVE-2023-4091

cve-icon Vulnrichment

Updated: 2024-08-02T07:17:11.687Z

cve-icon NVD

Status : Modified

Published: 2023-11-03T08:15:08.197

Modified: 2024-11-21T08:34:22.283

Link: CVE-2023-4091

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-10-10T00:00:00Z

Links: CVE-2023-4091 - Bugzilla

cve-icon OpenCVE Enrichment

No data.