In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in the compound request
This patch validates the session id and tree id in a compound request. If the first operation in the compound is an SMB2 ECHO request, ksmbd bypasses session and tree validation, so work->sess and work->tcon could be NULL. If the second request in the compound then accesses work->sess or work->tcon, it causes a NULL pointer dereference.
[
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1066c1b3663401cd23c0d6e60cdae750ce00c0f",
"id": "CVE-2023-3866-01c21f73",
"digest": {
"function_hash": "51658026496125893869267915930610721970",
"length": 551.0
},
"target": {
"function": "smb2_check_user_session",
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5005bcb4219156f1bf7587b185080ec1da08518e",
"id": "CVE-2023-3866-1abf003a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"19377509034539034966105917485935205732",
"296426338255953836383852185467717717033",
"170138534016413696835862443013351789014",
"336060456380232932285749309586024813973",
"118683840042434214708825899470617812721",
"239587488263740324810916160248675910279",
"134738505580861096318761602512464798577",
"238302778316225268898378557513033399366",
"121831217648899347259694606151718407508",
"67039376667685660764847743763588385106",
"328319207426412413267213728004270223561",
"8532172087941725979342575608489578276",
"236726211491082952308401550505440857813",
"290840767088519689156318632112194810364",
"204875600737447811316108661738911348082",
"260524006171949445179576645680397931947",
"8127631615736030531485837480603898204",
"252574485712969882390480168183888526887",
"301704517585018280066019842031034975450",
"131957988345946097008730356141031115397"
]
},
"target": {
"file": "fs/smb/server/server.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb947403518ea3d93f6d89264bb1f5416bb0c7d0",
"id": "CVE-2023-3866-2003e642",
"digest": {
"function_hash": "222828916782452017511348481785141928761",
"length": 540.0
},
"target": {
"function": "smb2_check_user_session",
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@854156d12caa9d36de1cf5f084591c7686cc8a9d",
"id": "CVE-2023-3866-20ce6acf",
"digest": {
"threshold": 0.9,
"line_hashes": [
"267242770938056707685734820599829800749",
"291800898915931027443665200663440822535",
"1284858620700519204524976307979858318",
"287456224673710019090457876668619593140",
"200216563264256439142659459251517555664",
"99908170931663940424761157640203870596",
"27741602090142187058648638301037587493",
"291813553625938596167011780204210591299",
"48986189948527503971952488597098366038",
"71213142967054930950841377869500280622",
"67449277874346076267028449647186358003",
"18558859952585831897674541591496019890",
"158237971288520947933486848813701798441",
"150121467915037224418266654940488836124",
"270131202633379580848013588943467073525",
"134424682372636945666866844109924004751",
"338658923237748833725704714425239532555",
"47798365528593122425948200981551362332",
"257514322129342949052191618997009976472",
"131125023786940800632023894110445593396",
"133386468890301905080126437118760078992",
"78295184216052625710784499611708833663",
"190462755204058514606693048621684279676",
"277765686370586621393294564203138825910",
"5609077463187768930044564356096404188",
"239534310717662232206936298640361912316"
]
},
"target": {
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1066c1b3663401cd23c0d6e60cdae750ce00c0f",
"id": "CVE-2023-3866-2592ca6f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"19377509034539034966105917485935205732",
"296426338255953836383852185467717717033",
"170138534016413696835862443013351789014",
"336060456380232932285749309586024813973",
"118683840042434214708825899470617812721",
"239587488263740324810916160248675910279",
"134738505580861096318761602512464798577",
"238302778316225268898378557513033399366",
"121831217648899347259694606151718407508",
"67039376667685660764847743763588385106",
"328319207426412413267213728004270223561",
"8532172087941725979342575608489578276",
"236726211491082952308401550505440857813",
"290840767088519689156318632112194810364",
"204875600737447811316108661738911348082",
"260524006171949445179576645680397931947",
"8127631615736030531485837480603898204",
"252574485712969882390480168183888526887",
"301704517585018280066019842031034975450",
"131957988345946097008730356141031115397"
]
},
"target": {
"file": "fs/ksmbd/server.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@854156d12caa9d36de1cf5f084591c7686cc8a9d",
"id": "CVE-2023-3866-2ea38f9b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"19377509034539034966105917485935205732",
"296426338255953836383852185467717717033",
"170138534016413696835862443013351789014",
"336060456380232932285749309586024813973",
"118683840042434214708825899470617812721",
"239587488263740324810916160248675910279",
"134738505580861096318761602512464798577",
"238302778316225268898378557513033399366",
"121831217648899347259694606151718407508",
"67039376667685660764847743763588385106",
"328319207426412413267213728004270223561",
"8532172087941725979342575608489578276",
"236726211491082952308401550505440857813",
"290840767088519689156318632112194810364",
"204875600737447811316108661738911348082",
"260524006171949445179576645680397931947",
"8127631615736030531485837480603898204",
"252574485712969882390480168183888526887",
"301704517585018280066019842031034975450",
"131957988345946097008730356141031115397"
]
},
"target": {
"file": "fs/ksmbd/server.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@854156d12caa9d36de1cf5f084591c7686cc8a9d",
"id": "CVE-2023-3866-4032cf20",
"digest": {
"function_hash": "2877946218821253804395747297594387326",
"length": 643.0
},
"target": {
"function": "smb2_get_ksmbd_tcon",
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5005bcb4219156f1bf7587b185080ec1da08518e",
"id": "CVE-2023-3866-59870511",
"digest": {
"function_hash": "1039125785357466364743701976815573287",
"length": 1861.0
},
"target": {
"function": "__handle_ksmbd_work",
"file": "fs/smb/server/server.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5005bcb4219156f1bf7587b185080ec1da08518e",
"id": "CVE-2023-3866-654b931a",
"digest": {
"function_hash": "51658026496125893869267915930610721970",
"length": 551.0
},
"target": {
"function": "smb2_check_user_session",
"file": "fs/smb/server/smb2pdu.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb947403518ea3d93f6d89264bb1f5416bb0c7d0",
"id": "CVE-2023-3866-8ba7cacb",
"digest": {
"threshold": 0.9,
"line_hashes": [
"19377509034539034966105917485935205732",
"296426338255953836383852185467717717033",
"170138534016413696835862443013351789014",
"336060456380232932285749309586024813973",
"118683840042434214708825899470617812721",
"239587488263740324810916160248675910279",
"134738505580861096318761602512464798577",
"238302778316225268898378557513033399366",
"121831217648899347259694606151718407508",
"67039376667685660764847743763588385106",
"328319207426412413267213728004270223561",
"8532172087941725979342575608489578276",
"236726211491082952308401550505440857813",
"290840767088519689156318632112194810364",
"204875600737447811316108661738911348082",
"260524006171949445179576645680397931947",
"8127631615736030531485837480603898204",
"252574485712969882390480168183888526887",
"301704517585018280066019842031034975450",
"131957988345946097008730356141031115397"
]
},
"target": {
"file": "fs/ksmbd/server.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb947403518ea3d93f6d89264bb1f5416bb0c7d0",
"id": "CVE-2023-3866-8fa14e6c",
"digest": {
"function_hash": "1039125785357466364743701976815573287",
"length": 1861.0
},
"target": {
"function": "__handle_ksmbd_work",
"file": "fs/ksmbd/server.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb947403518ea3d93f6d89264bb1f5416bb0c7d0",
"id": "CVE-2023-3866-9ab6a6fe",
"digest": {
"function_hash": "191661037388961588597197140198877901883",
"length": 705.0
},
"target": {
"function": "smb2_get_ksmbd_tcon",
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1066c1b3663401cd23c0d6e60cdae750ce00c0f",
"id": "CVE-2023-3866-b0ce9346",
"digest": {
"function_hash": "2877946218821253804395747297594387326",
"length": 643.0
},
"target": {
"function": "smb2_get_ksmbd_tcon",
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@854156d12caa9d36de1cf5f084591c7686cc8a9d",
"id": "CVE-2023-3866-b795f845",
"digest": {
"function_hash": "1039125785357466364743701976815573287",
"length": 1861.0
},
"target": {
"function": "__handle_ksmbd_work",
"file": "fs/ksmbd/server.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb947403518ea3d93f6d89264bb1f5416bb0c7d0",
"id": "CVE-2023-3866-bc480dce",
"digest": {
"threshold": 0.9,
"line_hashes": [
"170106489239023437947364895154561666211",
"199389766838996449150299917783520150760",
"1226518451683452763061998528673069850",
"173829522386253750898623888266960966010",
"200216563264256439142659459251517555664",
"99908170931663940424761157640203870596",
"27741602090142187058648638301037587493",
"291813553625938596167011780204210591299",
"48986189948527503971952488597098366038",
"71213142967054930950841377869500280622",
"67449277874346076267028449647186358003",
"18558859952585831897674541591496019890",
"158237971288520947933486848813701798441",
"150121467915037224418266654940488836124",
"270131202633379580848013588943467073525",
"134424682372636945666866844109924004751",
"296178061407355951756680124131637858058",
"716748497768350844960586302139182384",
"340245929427507580555418051145682271083",
"131125023786940800632023894110445593396",
"133386468890301905080126437118760078992",
"78295184216052625710784499611708833663",
"190462755204058514606693048621684279676",
"277765686370586621393294564203138825910",
"5609077463187768930044564356096404188",
"239534310717662232206936298640361912316"
]
},
"target": {
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5005bcb4219156f1bf7587b185080ec1da08518e",
"id": "CVE-2023-3866-d07bf0f1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"267242770938056707685734820599829800749",
"291800898915931027443665200663440822535",
"1284858620700519204524976307979858318",
"287456224673710019090457876668619593140",
"200216563264256439142659459251517555664",
"99908170931663940424761157640203870596",
"27741602090142187058648638301037587493",
"291813553625938596167011780204210591299",
"48986189948527503971952488597098366038",
"71213142967054930950841377869500280622",
"67449277874346076267028449647186358003",
"18558859952585831897674541591496019890",
"158237971288520947933486848813701798441",
"150121467915037224418266654940488836124",
"270131202633379580848013588943467073525",
"134424682372636945666866844109924004751",
"338658923237748833725704714425239532555",
"47798365528593122425948200981551362332",
"257514322129342949052191618997009976472",
"131125023786940800632023894110445593396",
"133386468890301905080126437118760078992",
"78295184216052625710784499611708833663",
"190462755204058514606693048621684279676",
"277765686370586621393294564203138825910",
"5609077463187768930044564356096404188",
"239534310717662232206936298640361912316"
]
},
"target": {
"file": "fs/smb/server/smb2pdu.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1066c1b3663401cd23c0d6e60cdae750ce00c0f",
"id": "CVE-2023-3866-d23ccde4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"267242770938056707685734820599829800749",
"291800898915931027443665200663440822535",
"1284858620700519204524976307979858318",
"287456224673710019090457876668619593140",
"200216563264256439142659459251517555664",
"99908170931663940424761157640203870596",
"27741602090142187058648638301037587493",
"291813553625938596167011780204210591299",
"48986189948527503971952488597098366038",
"71213142967054930950841377869500280622",
"67449277874346076267028449647186358003",
"18558859952585831897674541591496019890",
"158237971288520947933486848813701798441",
"150121467915037224418266654940488836124",
"270131202633379580848013588943467073525",
"134424682372636945666866844109924004751",
"338658923237748833725704714425239532555",
"47798365528593122425948200981551362332",
"257514322129342949052191618997009976472",
"131125023786940800632023894110445593396",
"133386468890301905080126437118760078992",
"78295184216052625710784499611708833663",
"190462755204058514606693048621684279676",
"277765686370586621393294564203138825910",
"5609077463187768930044564356096404188",
"239534310717662232206936298640361912316"
]
},
"target": {
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5005bcb4219156f1bf7587b185080ec1da08518e",
"id": "CVE-2023-3866-ee5f41bb",
"digest": {
"function_hash": "2877946218821253804395747297594387326",
"length": 643.0
},
"target": {
"function": "smb2_get_ksmbd_tcon",
"file": "fs/smb/server/smb2pdu.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@854156d12caa9d36de1cf5f084591c7686cc8a9d",
"id": "CVE-2023-3866-f20da448",
"digest": {
"function_hash": "51658026496125893869267915930610721970",
"length": 551.0
},
"target": {
"function": "smb2_check_user_session",
"file": "fs/ksmbd/smb2pdu.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1066c1b3663401cd23c0d6e60cdae750ce00c0f",
"id": "CVE-2023-3866-f2721031",
"digest": {
"function_hash": "1039125785357466364743701976815573287",
"length": 1861.0
},
"target": {
"function": "__handle_ksmbd_work",
"file": "fs/ksmbd/server.c"
},
"signature_type": "Function",
"signature_version": "v1"
}
]