CVE-2023-39180
PUBLISHED
CVSS 4 MEDIUM
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.
EPSS 0.06% · 18.8th percentile
Risk Scores
CVSS v3.1: 4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| linux | linux_kernel | |
| e202a1e8634b186da38cbbff85382ea2b9e297cf |
Timeline
- Nov 18, 2024 CVE Published
- Nov 18, 2024 CVE Updated
- Nov 19, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 25, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 4, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Apr 8, 2025 EPSS Score
- Apr 26, 2025 EPSS Score