CVE-2023-52440

Source
https://cve.org/CVERecord?id=CVE-2023-52440
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52440.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52440
Downstream
Published
2024-02-21T07:21:00.438Z
Modified
2026-07-08T07:31:01.123791095Z
Summary
ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slub overflow in ksmbddecodentlmsspauthblob()

If authblob->SessionKey.Length is bigger than session key size(CIFSKEYSIZE), slub overflow can happen in key exchange codes. cifsarc4crypt copy to session key array from SessionKey from client.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52440.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0626e6641f6b467447c81dd7678a69c66f7746cf
Fixed
bd554ed4fdc3d38404a1c43d428432577573e809
Fixed
30fd6521b2fbd9b767e438e31945e5ea3e3a2fba
Fixed
7f1d6cb0eb6af3a8088dc24b7ddee9a9711538c4
Fixed
ecd7e1c562cb08e41957fcd4b0e404de5ab38e20
Fixed
4b081ce0d830b684fdf967abc3696d1261387254

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52440.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.145
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.52
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.4.15
Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.5.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52440.json"