CVE-2023-3867

Public on 2023-09-13
Modified on 2024-02-27
Description
ksmbd: add missing compound request handing in some commands

NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-981/
NOTE: https://git.kernel.org/linus/7b7d709ef7cf285309157fb94c33f625dd22c5e1 (6.5-rc1)
Severity
Important severity
Important
CVSS v3 Base Score
7.2
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel Not Affected
Amazon Linux 2 - Core kernel Not Affected
Amazon Linux 2 - Kernel-5.10 Extra kernel Not Affected
Amazon Linux 2 - Kernel-5.15 Extra kernel Not Affected
Amazon Linux 2 - Kernel-5.4 Extra kernel Not Affected
Amazon Linux 2023 kernel Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

References

Red Hat: CVE-2023-3867 Mitre: CVE-2023-3867