CVE-2023-4458
MEDIUM 4.0
Description
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
CVE Details
CVSS v3.1 Score: 4.0
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack Vector: NETWORK
Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Published: 11/14/2024
Last Modified: 8/19/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
linux:linux_kernel
Weaknesses (CWE)
CWE-125
References
https://access.redhat.com/security/cve/CVE-2023-4458 (patrick@puiterwijk.org)
https://bugzilla.redhat.com/show_bug.cgi?id=2325516 (patrick@puiterwijk.org)
https://www.zerodayinitiative.com/advisories/ZDI-24-590/ (patrick@puiterwijk.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.