VDB

CVE-2023-54250

CVE-2023-54250 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decode_preauth_ctxt() Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within the SMB request boundary; deassemble_neg_contexts() only checks that the eight byte smb2_neg_context header + (client controlled) DataLength are within the packet boundary, which is insufficient. Checking for sizeof(struct smb2_preauth_neg_context) is overkill given that the type currently assumes SMB311_SALT_SIZE bytes of trailing Salt.

EPSS 0.02% · 7.2th percentile

Risk Scores

EPSS Score
0.02%
7.2th percentile

Affected Products

VendorProductVersions
LinuxLinux0, 6.2.12, *
linuxlinux_kernel5.15, 5.15, 5.15

Timeline

  • Dec 30, 2025 CVE Published
  • Dec 30, 2025 PoC Published
  • Dec 31, 2025 EPSS Score
  • Jan 3, 2026 EPSS Score
  • Jan 7, 2026 EPSS Score
  • Jan 10, 2026 EPSS Score
  • Jan 14, 2026 EPSS Score
  • Jan 17, 2026 EPSS Score
  • Jan 21, 2026 EPSS Score
  • Jan 24, 2026 EPSS Score
  • Jan 28, 2026 EPSS Score
  • Jan 31, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›