← Retour aux CVEs
CVE-2023-4458
MEDIUM4.0
Description
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
Details CVE
Score CVSS v3.14.0
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie11/14/2024
Derniere modification8/19/2025
Sourcenvd
Observations honeypot0
Produits affectes
linux:linux_kernel
Faiblesses (CWE)
CWE-125
References
https://access.redhat.com/security/cve/CVE-2023-4458(patrick@puiterwijk.org)
https://bugzilla.redhat.com/show_bug.cgi?id=2325516(patrick@puiterwijk.org)
https://www.zerodayinitiative.com/advisories/ZDI-24-590/(patrick@puiterwijk.org)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.