CVE-2023-52440 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from SessionKey from client.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba
https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254
https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4
https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809
https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-21T07:21:00.438Z

Updated: 2024-12-19T08:19:32.433Z

Reserved: 2024-02-20T12:30:33.291Z

Link: CVE-2023-52440

Vulnrichment

Updated: 2024-08-02T22:55:41.777Z

NVD

Status : Modified

Published: 2024-02-21T08:15:45.203

Modified: 2024-11-21T08:39:45.973

Link: CVE-2023-52440

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52440", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.291Z", "datePublished": "2024-02-21T07:21:00.438Z", "dateUpdated": "2024-12-19T08:19:32.433Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:19:32.433Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()\n\nIf authblob->SessionKey.Length is bigger than session key\nsize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.\ncifs_arc4_crypt copy to session key array from SessionKey from client."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/auth.c"], "versions": [{"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "bd554ed4fdc3d38404a1c43d428432577573e809", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "30fd6521b2fbd9b767e438e31945e5ea3e3a2fba", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "ecd7e1c562cb08e41957fcd4b0e404de5ab38e20", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "4b081ce0d830b684fdf967abc3696d1261387254", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/auth.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.145", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.52", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.15", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.2", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809"}, {"url": "https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba"}, {"url": "https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4"}, {"url": "https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20"}, {"url": "https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254"}], "title": "ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:55:41.777Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52440", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:52.628151Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:31.499Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:55:41.777Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52440", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:52.628151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:17.143Z"}}], "cna": {"title": "ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "bd554ed4fdc3d38404a1c43d428432577573e809", "versionType": "git"}, {"status": "affected", "version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "30fd6521b2fbd9b767e438e31945e5ea3e3a2fba", "versionType": "git"}, {"status": "affected", "version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4", "versionType": "git"}, {"status": "affected", "version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "ecd7e1c562cb08e41957fcd4b0e404de5ab38e20", "versionType": "git"}, {"status": "affected", "version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "4b081ce0d830b684fdf967abc3696d1261387254", "versionType": "git"}], "programFiles": ["fs/smb/server/auth.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.145", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.52", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.4.15", "versionType": "semver", "lessThanOrEqual": "6.4.*"}, {"status": "unaffected", "version": "6.5.2", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/smb/server/auth.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809"}, {"url": "https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba"}, {"url": "https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4"}, {"url": "https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20"}, {"url": "https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()\n\nIf authblob->SessionKey.Length is bigger than session key\nsize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.\ncifs_arc4_crypt copy to session key array from SessionKey from client."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:19:32.433Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52440", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:19:32.433Z", "dateReserved": "2024-02-20T12:30:33.291Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-21T07:21:00.438Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "169F25B6-7A66-437D-B095-420A0C9D2628", "versionEndExcluding": "6.1.52", "versionStartIncluding": "5.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB08B8F4-BEEF-473F-8A44-8C0DC24B919C", "versionEndExcluding": "6.4.15", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "496F2478-0324-4792-B3ED-95D8884323A4", "versionEndExcluding": "6.5.2", "versionStartIncluding": "6.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()\n\nIf authblob->SessionKey.Length is bigger than session key\nsize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.\ncifs_arc4_crypt copy to session key array from SessionKey from client."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: corrige el desbordamiento de slub en ksmbd_decode_ntlmssp_auth_blob() Si authblob->SessionKey.Length es mayor que el tama\u00f1o de la clave de sesi\u00f3n (CIFS_KEY_SIZE), puede ocurrir un desbordamiento de slub en los c\u00f3digos de intercambio de claves. cifs_arc4_crypt copia a la matriz de claves de sesi\u00f3n desde SessionKey del cliente."}], "id": "CVE-2023-52440", "lastModified": "2024-11-21T08:39:45.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-21T08:15:45.203", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/30fd6521b2fbd9b767e438e31945e5ea3e3a2fba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bd554ed4fdc3d38404a1c43d428432577573e809"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ecd7e1c562cb08e41957fcd4b0e404de5ab38e20"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}