CVE-2023-52441 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in init_smb2_rsp_hdr() If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc
https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b
https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b
https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f

History

Thu, 12 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-21T07:21:01.075Z

Updated: 2024-09-11T17:33:54.916Z

Reserved: 2024-02-20T12:30:33.291Z

Link: CVE-2023-52441

Vulnrichment

Updated: 2024-08-02T22:55:41.809Z

NVD

Status : Modified

Published: 2024-02-21T08:15:45.463

Modified: 2024-05-28T20:16:22.480

Link: CVE-2023-52441

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52441", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.291Z", "datePublished": "2024-02-21T07:21:01.075Z", "dateUpdated": "2024-09-11T17:33:54.916Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:11:56.238Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out of bounds in init_smb2_rsp_hdr()\n\nIf client send smb2 negotiate request and then send smb1 negotiate\nrequest, init_smb2_rsp_hdr is called for smb1 negotiate request since\nneed_neg is set to false. This patch ignore smb1 packets after ->need_neg\nis set to false."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/server.c", "fs/smb/server/smb_common.c", "fs/smb/server/smb_common.h"], "versions": [{"version": "1da177e4c3f4", "lessThan": "5c0df9d30c28", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "330d900620df", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "aa669ef229ae", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "536bb492d39b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/server.c", "fs/smb/server/smb_common.c", "fs/smb/server/smb_common.h"], "versions": [{"version": "5.15.145", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.53", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.4.16", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b"}, {"url": "https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc"}, {"url": "https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f"}, {"url": "https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b"}], "title": "ksmbd: fix out of bounds in init_smb2_rsp_hdr()", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:55:41.809Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52441", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:49.418159Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:54.916Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:55:41.809Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52441", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:49.418159Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.575Z"}}], "cna": {"title": "ksmbd: fix out of bounds in init_smb2_rsp_hdr()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "5c0df9d30c28", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "330d900620df", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "aa669ef229ae", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "536bb492d39b", "versionType": "git"}], "programFiles": ["fs/smb/server/server.c", "fs/smb/server/smb_common.c", "fs/smb/server/smb_common.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.145", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.53", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.4.16", "versionType": "custom", "lessThanOrEqual": "6.4.*"}, {"status": "unaffected", "version": "6.5", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/smb/server/server.c", "fs/smb/server/smb_common.c", "fs/smb/server/smb_common.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b"}, {"url": "https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc"}, {"url": "https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f"}, {"url": "https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out of bounds in init_smb2_rsp_hdr()\n\nIf client send smb2 negotiate request and then send smb1 negotiate\nrequest, init_smb2_rsp_hdr is called for smb1 negotiate request since\nneed_neg is set to false. This patch ignore smb1 packets after ->need_neg\nis set to false."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:11:56.238Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52441", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:54.916Z", "dateReserved": "2024-02-20T12:30:33.291Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-21T07:21:01.075Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FF1671D-E1DC-4CBC-8438-A46DF4F1E978", "versionEndExcluding": "5.15.145", "versionStartIncluding": "5.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10E7E9D1-2299-4B6E-945D-98FF23478015", "versionEndExcluding": "6.1.53", "versionStartIncluding": "5.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "447B7633-4054-4954-8C80-6F6098C5574B", "versionEndExcluding": "6.4.16", "versionStartIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out of bounds in init_smb2_rsp_hdr()\n\nIf client send smb2 negotiate request and then send smb1 negotiate\nrequest, init_smb2_rsp_hdr is called for smb1 negotiate request since\nneed_neg is set to false. This patch ignore smb1 packets after ->need_neg\nis set to false."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: correcci\u00f3n fuera de los l\u00edmites en init_smb2_rsp_hdr() Si el cliente env\u00eda una solicitud de negociaci\u00f3n smb2 y luego env\u00eda una solicitud de negociaci\u00f3n smb1, se llama a init_smb2_rsp_hdr para la solicitud de negociaci\u00f3n smb1 ya que need_neg est\u00e1 configurado en falso. Este parche ignora los paquetes smb1 despu\u00e9s de que ->need_neg se establece en falso."}], "id": "CVE-2023-52441", "lastModified": "2024-05-28T20:16:22.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-21T08:15:45.463", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}