VDB
CVE-2023-38427
CVE-2023-38427
PUBLISHED
Im Linux Kernel existieren mehrere Schwachstellen. Die Fehler bestehen in der Komponente ksmbd aufgrund eines Integer-Unterlaufs und eines Out-of-bounds-Read in deassemble_neg_contexts sowie eines Out-of-bounds-Read in fs/smb/server/connection.c. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen.
EPSS 0.10% · 26.5th percentile
Risk Scores
EPSS Score
0.10%
26.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux |
Exploit Intelligence
- .grype.yaml (github-poc)
- .grype.yaml (github-poc)
- .grype.yaml (github-poc)
- .grype.yaml (github-poc)
- .grype.yaml (github-poc)
- .grype.yaml (github-poc)
- .grype.yaml (github-poc)
Timeline
- Jul 17, 2023 CVE Published
- Jul 18, 2023 EPSS Score
- Aug 21, 2023 EPSS Score
- Sep 25, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Dec 3, 2023 EPSS Score
- Feb 9, 2024 EPSS Score
- Mar 15, 2024 EPSS Score
- Apr 18, 2024 EPSS Score
- May 22, 2024 EPSS Score
- Jun 26, 2024 EPSS Score
- Jul 30, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1770.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1770 advisory
- https://github.com/advisories/GHSA-229r-cp46-m292 advisory
- https://github.com/advisories/GHSA-f4cj-v28g-9hh9 advisory
- https://ubuntu.com/security/notices/USN-6412-1 advisory
- https://ubuntu.com/security/notices/USN-6466-1 advisory
- https://ubuntu.com/security/notices/USN-6725-1 advisory
- https://ubuntu.com/security/notices/USN-6725-2 advisory