In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
If authblob->SessionKey.Length is bigger than session key
size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.
cifs_arc4_crypt copy to session key array from SessionKey from client.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-02-21T07:21:00.438Z
Updated: 2024-09-11T17:33:31.499Z
Reserved: 2024-02-20T12:30:33.291Z
Link: CVE-2023-52440
Vulnrichment
Updated: 2024-09-11T12:42:17.143Z
NVD
Status : Modified
Published: 2024-02-21T08:15:45.203
Modified: 2024-05-28T20:16:22.187
Link: CVE-2023-52440
Redhat
No data.