VDB
CVE-2023-39176
CVE-2023-39176
PUBLISHED
CVSS 5.800000190734863 MEDIUM
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
EPSS 0.09% · 25.0th percentile
Risk Scores
CVSS v3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EPSS Score
0.09%
25.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| 5aa4fda5aa9c2a5a7bac67b4a12b089ab81fee3c | ||
| Red Hat | Red Hat Enterprise Linux 9 | |
| linux | linux_kernel | |
| Red Hat | Red Hat Enterprise Linux 7 |
Timeline
- Nov 18, 2024 CVE Published
- Nov 18, 2024 CVE Updated
- Nov 19, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 25, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 4, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Apr 8, 2025 EPSS Score
- Apr 26, 2025 EPSS Score