Security Advisory

CVE-2023-1194

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-03 07:41:35

Last updated 2025-02-13 16:39:17

Assigner redhat

State PUBLISHED

Description

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.

← Browse all CVEs View on cve.org ↗