CVE-2023-52440

ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()

EPSS 36.7%
In short

A heap buffer overflow in ksmbd's NTLM authentication code lets a client that supplies an oversized session key write past the fixed-size key buffer, potentially corrupting kernel memory.

Technical detail

CVE-2023-52440 is a heap (SLUB allocator) buffer overflow in ksmbd_decode_ntlmssp_auth_blob(): the client-supplied authblob->SessionKey.Length is not checked against the destination buffer, so the ARC4 key-exchange step copies beyond the CIFS_KEY_SIZE session key array. Exploiting it requires an attacker to control the NTLM authentication messages sent to the SMB server; the result is kernel memory corruption and potentially privilege escalation.

Summary generated and translated by AI from the official description.

Official description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob(). If authblob->SessionKey.Length is bigger than the session key size (CIFS_KEY_SIZE), a slub overflow can happen in the key exchange code. cifs_arc4_crypt copies into the session key array from the SessionKey sent by the client.
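The defect described above is a missing bounds check on a client-controlled length before a copy into a fixed-size array. The following is an added example written for this page, not the kernel's code: it shows the unchecked copy pattern next to a hardened decoder that validates the length against the key size and the buffer offset against the blob before copying. The NTLMSSP security-buffer struct, the function names and the 16-byte value of CIFS_KEY_SIZE are assumptions for illustration; the sample blob is constructed inline.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed value: the kernel defines CIFS_KEY_SIZE as 16 bytes (the ARC4 session
 * key length used in NTLMSSP key exchange). The advisory text gives no number. */
#define CIFS_KEY_SIZE 16

/* Hypothetical, simplified NTLMSSP security buffer (Length, MaximumLength,
 * BufferOffset) as carried in an AUTHENTICATE_MESSAGE. Every field is chosen by
 * the client and therefore untrusted. Not the kernel's struct. */
struct sec_buf {
    uint16_t length;
    uint16_t max_length;
    uint32_t offset;
};

/* Unchecked pattern (for contrast only, never called here): Length bytes are
 * copied from the client blob into a CIFS_KEY_SIZE array. A Length larger than
 * CIFS_KEY_SIZE overruns the destination on the kernel heap. */
void copy_session_key_unchecked(const uint8_t *blob, const struct sec_buf *sk,
                                uint8_t key[CIFS_KEY_SIZE])
{
    memcpy(key, blob + sk->offset, sk->length);
}

/* Hardened decoder: validate both the length and the offset before copying.
 * Returns 0 on success (with *key_len set to the bytes copied, 0 if the client
 * sent no key) or -EINVAL for an oversized or out-of-bounds session key. */
int decode_session_key_checked(const uint8_t *blob, size_t blob_len,
                               const struct sec_buf *sk,
                               uint8_t key[CIFS_KEY_SIZE], size_t *key_len)
{
    size_t len = sk->length;
    size_t off = sk->offset;

    *key_len = 0;
    if (len == 0)
        return 0;                  /* no session key supplied: nothing to copy */
    if (len > CIFS_KEY_SIZE)
        return -EINVAL;            /* the check the fix adds: reject oversize keys */
    if (off > blob_len || len > blob_len - off)
        return -EINVAL;            /* key must lie entirely inside the received blob */
    memcpy(key, blob + off, len);
    *key_len = len;
    return 0;
}

/* Drive the checked decoder against a constructed 64-byte blob whose byte i has
 * value i. Returns the number of key bytes copied, or a negative errno. */
int run_case(uint16_t length, uint32_t offset)
{
    uint8_t blob[64];
    uint8_t key[CIFS_KEY_SIZE] = {0};
    size_t copied = 0;
    struct sec_buf sk = { .length = length, .max_length = length, .offset = offset };
    int rc;

    for (size_t i = 0; i < sizeof blob; i++)
        blob[i] = (uint8_t)i;

    rc = decode_session_key_checked(blob, sizeof blob, &sk, key, &copied);
    if (rc < 0)
        return rc;
    /* Sanity: the first copied key byte must equal the blob byte at the offset. */
    if (copied > 0 && key[0] != (uint8_t)offset)
        return -EIO;
    return (int)copied;
}

int main(void)
{
    printf("16-byte key at offset 40 : %d\n", run_case(16, 40));   /* 16 */
    printf("32-byte key at offset 8  : %d\n", run_case(32, 8));    /* -EINVAL */
    printf("16-byte key at offset 56 : %d\n", run_case(16, 56));   /* -EINVAL */
    printf("no session key           : %d\n", run_case(0, 0));     /* 0 */
    return 0;
}
```

The second rejected case (a valid 16-byte length but an offset that runs off the end of the blob) is the companion check a reviewer would expect alongside the length check: both fields come from the same untrusted message, and validating one without the other leaves a read overrun in place of the write overrun.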
Affected products
Linux · Linux
