CVE-2023-52441

Published: Feb 21, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in init_smb2_rsp_hdr() If client send smb2 negotiate request and then send smb1 negotiate request, init_smb2_rsp_hdr is called for smb1 negotiate request since need_neg is set to false. This patch ignore smb1 packets after ->need_neg is set to false.

Vendor	Product	Versions
Linux	Linux	affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 330d900620dfc9893011d725b3620cd2ee0bc2bc` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < aa669ef229ae8dd779da9caa24e254964545895f` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 536bb492d39bb6c080c92f31e8a55fe9934f452b`
Linux	Linux	affected `5.15` unaffected `0 - < 5.15` unaffected `5.15.145 - <= 5.15.` unaffected `6.1.53 - <= 6.1.` unaffected `6.4.16 - <= 6.4.*` +1 more versions

References

https://git.kernel.org/stable/c/5c0df9d30c289d6b9d7d44e2a450de2f8e3cf40b

https://git.kernel.org/stable/c/330d900620dfc9893011d725b3620cd2ee0bc2bc

https://git.kernel.org/stable/c/aa669ef229ae8dd779da9caa24e254964545895f

https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52441

Description

Affected Products

References