CVE-2023-52755

ksmbd: fix slab out of bounds write in smb_inherit_dacl()

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl() slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size.

References

Link	Tags
https://git.kernel.org/stable/c/aaf0a07d60887d6c36fc46a24de0083744f07819	patch
https://git.kernel.org/stable/c/8387c94d73ec66eb597c7a23a8d9eadf64bfbafa	patch
https://git.kernel.org/stable/c/09d9d8b40a3338193619c14ed4dc040f4f119e70	patch
https://git.kernel.org/stable/c/712e01f32e577e7e48ab0adb5fe550646a3d93cb	patch
https://git.kernel.org/stable/c/eebff19acaa35820cb09ce2ccb3d21bee2156ffb	patch

Frequently Asked Questions

What is the severity of CVE-2023-52755?: CVE-2023-52755 has been scored as a high severity vulnerability.
How to fix CVE-2023-52755?: To fix CVE-2023-52755, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52755 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-52755 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52755?: CVE-2023-52755 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions