Bug 2326531 (CVE-2023-39180) - CVE-2023-39180 kernel: ksmbd: Read Request Memory Leak Denial-of-Service Vulnerability

Key Information:

1. Bug ID: 2326531
2. CVE ID: CVE-2023-39180
3. Product: Security Response
4. Component: vulnerability
5. Version: unspecified
6. Hardware: All
7. OS: Linux
8. Priority: low
9. Severity: low
10. Status: NEW
11. Reported: 2024-11-15 17:07 UTC by OSIDB Bzimport
12. Modified: 2024-11-22 10:32 UTC
13. Fixed In Version: ---
14. Doc Type: ---
15. Doc Text: A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.
16. Target Milestone: ---
17. Assignee: Product Security DevOps Team

OSIDB Bzimport: 2024-11-15 17:07:23 UTC

- This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.
- The specific flaw exists within the handling of SMB2_READ commands. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
- Reference:

Mauro Matteo Cascella: 2024-11-15 17:07:46 UTC

- Upstream patch: