logo_clicknbuy.png

CVE-2023-4130 – Kerberos SMBd Buffer Length Validation Overflow

The following table lists the changes that have been made to the
CVE-2023-4130 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 16, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()

    There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request
    from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of
    current smb2_ea_info. ksmbd need to validate buffer length Before
    accessing the next ea. ksmbd should check buffer length using buf_len,
    not next variable. next is the start offset of current ea that got from
    previous ea.
    Added Reference https://git.kernel.org/stable/c/4bf629262f9118ee91b1c3a518ebf2b3bcb22180
    Added Reference https://git.kernel.org/stable/c/79ed288cef201f1f212dfb934bcaac75572fb8f6
    Added Reference https://git.kernel.org/stable/c/aeb974907642be095e38ecb1a400ca583958b2b0
    Added Reference https://git.kernel.org/stable/c/f339d76a3a972601d0738b881b099d49ebbdc3a2
Share the Post:

Related Posts