CVE-2023-3865

HIGH7.1

ksmbd: fix out-of-bound read in smb2_write

Published Aug 16, 2025

Modified 7 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out-of-bound read in smb2_write

ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If ->NextCommand is bigger than Offset + Length of smb2 write, It will allow oversized smb2 write length. It will cause OOB read in smb2_write.

References

WEB

https://git.kernel.org/stable/c/3813eee5154d6a4c5875cb4444cb2b63bac8947f

WEB

https://git.kernel.org/stable/c/58a9c41064df27632e780c5a3ae3e0e4284957d1

WEB

https://git.kernel.org/stable/c/5fe7f7b78290638806211046a99f031ff26164e1

WEB

https://git.kernel.org/stable/c/c86211159bc3178b891e0d60e586a32c7b6a231b

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2023-3865

CVSS Analysis

CVSS v3.1

7.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

HighA:H

7.1/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Ecosystems

Timeline

PublishedAug 16, 2025

ModifiedAug 19, 2025

CVE-2023-3865 | Mondoo Vulnerability Intelligence