U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2023-52755 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl() slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/09d9d8b40a3338193619c14ed4dc040f4f119e70
https://git.kernel.org/stable/c/712e01f32e577e7e48ab0adb5fe550646a3d93cb
https://git.kernel.org/stable/c/8387c94d73ec66eb597c7a23a8d9eadf64bfbafa
https://git.kernel.org/stable/c/aaf0a07d60887d6c36fc46a24de0083744f07819
https://git.kernel.org/stable/c/eebff19acaa35820cb09ce2ccb3d21bee2156ffb

Weakness Enumeration

CWE-ID CWE Name Source
CWE-787 Out-of-bounds Write CISA-ADP  

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2023-52755
NVD Published Date:
05/21/2024
NVD Last Modified:
08/01/2024
Source:
kernel.org