CVE-2023-4458
MEDIUM 4.0
Description
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
CVE details
CVSS v3.1 score: 4.0
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 11/14/2024
Last modified: 8/19/2025
Source: nvd
Honeypot sightings: 0
Affected products
linux:linux_kernel
Weaknesses (CWE)
CWE-125
References
https://access.redhat.com/security/cve/CVE-2023-4458 (patrick@puiterwijk.org)
https://bugzilla.redhat.com/show_bug.cgi?id=2325516 (patrick@puiterwijk.org)
https://www.zerodayinitiative.com/advisories/ZDI-24-590/ (patrick@puiterwijk.org)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.