CVE-2023-52755

ksmbd: fix slab out of bounds write in smb_inherit_dacl()

CVSS 8.4 HIGH · EPSS 26.9% · CWE-787
In short

A memory overflow vulnerability in the Linux kernel's ksmbd SMB server allows writing data beyond allocated memory boundaries in the smb_inherit_dacl() function. This can be exploited by an attacker to corrupt memory and potentially crash the system or execute arbitrary code.

Technical detail

The vulnerability occurs when offset values in SMB ACL inheritance operations exceed the allocated buffer size for the parent security descriptor (pntsd), resulting in out-of-bounds writes. The flaw affects ksmbd's smb_inherit_dacl() function; an authenticated SMB client can trigger this by sending specially crafted requests with malformed ACL data. Exploitation requires network access to the ksmbd service and valid SMB authentication credentials.

Summary generated and translated by AI from the official description.
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slab out of bounds write in smb_inherit_dacl()

slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size.
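The description above says the fix validates three offsets against the allocation size. The user-space C below is an added illustration of that kind of check, not the kernel patch or ksmbd code: it assumes the self-relative security descriptor header layout from MS-DTYP, assumes the three offsets are owner, group and DACL, and uses hypothetical names (`sd_offsets_valid`, `check_sample`).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SD_HDR_LEN  20u /* self-relative descriptor header (MS-DTYP) */
#define SID_MIN_LEN  8u /* SID with zero sub-authorities */
#define ACL_HDR_LEN  8u /* ACL header before any ACE */

/* Read a little-endian 32-bit field from the untrusted buffer. */
static uint32_t rd32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* An offset is usable if it is 0 (field absent) or the minimal structure it
 * points at lies after the header and inside the allocation. The bound is
 * written as a subtraction so a huge offset cannot wrap the comparison. */
static int off_ok(uint32_t off, size_t need, size_t alloc)
{
    return off == 0 || (off >= SD_HDR_LEN && need <= alloc && off <= alloc - need);
}

/* Returns 0 if the three offsets fit the allocation, -1 otherwise. */
int sd_offsets_valid(const uint8_t *sd, size_t alloc)
{
    if (alloc < SD_HDR_LEN ||
        !off_ok(rd32(sd + 4), SID_MIN_LEN, alloc) ||  /* OffsetOwner */
        !off_ok(rd32(sd + 8), SID_MIN_LEN, alloc) ||  /* OffsetGroup */
        !off_ok(rd32(sd + 16), ACL_HDR_LEN, alloc))   /* OffsetDacl  */
        return -1;
    return 0;
}

/* Constructed sample: a zeroed 64-byte descriptor with the given offsets. */
int check_sample(uint32_t owner, uint32_t group, uint32_t dacl)
{
    uint8_t sd[64] = {0};
    const uint32_t val[3] = {owner, group, dacl};
    const size_t pos[3] = {4, 8, 16};
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            sd[pos[i] + b] = (uint8_t)(val[i] >> (8 * b));
    return sd_offsets_valid(sd, sizeof(sd));
}

int main(void)
{
    printf("in-bounds=%d dacl-past-end=%d\n",
           check_sample(20, 28, 36), check_sample(20, 28, 60));
    return 0;
}
```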
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Linux · Linux
