CVE-2023-54203

Source
https://cve.org/CVERecord?id=CVE-2023-54203
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54203.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-54203
Downstream
Published
2025-12-30T12:09:07.538Z
Modified
2026-04-02T09:43:43.788535Z
Summary
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr

When smb1 mount fails, KASAN detects slab-out-of-bounds in init_smb2_rsp_hdr like the following one. For smb1 negotiate (56 bytes), init_smb2_rsp_hdr() for smb2 is called. The issue occurs while handling smb1 negotiate as smb2 server operations. Add smb server operations for smb1 (get_cmd_val, init_rsp_hdr, allocate_rsp_buf, check_user_session) to handle smb1 negotiate so that smb2 server operation does not handle it.

[ 411.400423] CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
[ 411.400452] CIFS: Attempting to mount \\192.168.45.139\homes
[ 411.479312] ksmbd: init_smb2_rsp_hdr : 492
[ 411.479323] ==================================================================
[ 411.479327] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
[ 411.479369] Read of size 16 at addr ffff888488ed0734 by task kworker/14:1/199

[ 411.479379] CPU: 14 PID: 199 Comm: kworker/14:1 Tainted: G OE 6.1.21 #3
[ 411.479386] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8 Series/Z10PA-D8 Series, BIOS 3801 08/23/2019
[ 411.479390] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
[ 411.479425] Call Trace:
[ 411.479428] <TASK>
[ 411.479432] dump_stack_lvl+0x49/0x63
[ 411.479444] print_report+0x171/0x4a8
[ 411.479452] ? kasan_complete_mode_report_info+0x3c/0x200
[ 411.479463] ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
[ 411.479497] kasan_report+0xb4/0x130
[ 411.479503] ? init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
[ 411.479537] kasan_check_range+0x149/0x1e0
[ 411.479543] memcpy+0x24/0x70
[ 411.479550] init_smb2_rsp_hdr+0x1e2/0x1f4 [ksmbd]
[ 411.479585] handle_ksmbd_work+0x109/0x760 [ksmbd]
[ 411.479616] ? _raw_spin_unlock_irqrestore+0x50/0x50
[ 411.479624] ? smb3_encrypt_resp+0x340/0x340 [ksmbd]
[ 411.479656] process_one_work+0x49c/0x790
[ 411.479667] worker_thread+0x2b1/0x6e0
[ 411.479674] ? process_one_work+0x790/0x790
[ 411.479680] kthread+0x177/0x1b0
[ 411.479686] ? kthread_complete_and_exit+0x30/0x30
[ 411.479692] ret_from_fork+0x22/0x30
[ 411.479702] </TASK>

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54203.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
51a8534c0f35c0401e45f1055f914729cad98bf9
Fixed
921536046bd165efeb07beef5630aff35cd6a489
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0b3ec5671ac06829ccebdaeec05acedfec327f42
Fixed
a8334a0c535d0f0b4d64926c8fe0922ed98f7d43
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cc32cd98a0aee4cc3eb611cbce11795b1aaa738a
Fixed
99a51c673b1d2d0b5a972353401b77612d9cc713
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
39b291b86b5988bf8753c3874d5c773399d09b96
Fixed
dc8289f912387c3bcfbc5d2db29c8947fa207c11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54203.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.105
Fixed
5.15.145
Type
ECOSYSTEM
Events
Introduced
6.1.22
Fixed
6.1.24
Type
ECOSYSTEM
Events
Introduced
6.2.9
Fixed
6.2.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54203.json"