VDB
CVE-2023-39179
CVE-2023-39179
PUBLISHED
CVSS 7.5 HIGH
A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
EPSS 0.06% · 17.6th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
EPSS Score
0.06%
17.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| linux | linux_kernel | |
| e202a1e8634b186da38cbbff85382ea2b9e297cf | ||
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 9 |
Timeline
- Nov 18, 2024 CVE Published
- Nov 18, 2024 CVE Updated
- Nov 19, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 25, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 4, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Apr 8, 2025 EPSS Score
- Apr 26, 2025 EPSS Score