cve/2023/CVE-2023-52441.md

CVE-2023-52441

Description

In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix out of bounds in init_smb2_rsp_hdr()If client send smb2 negotiate request and then send smb1 negotiaterequest, init_smb2_rsp_hdr is called for smb1 negotiate request sinceneed_neg is set to false. This patch ignore smb1 packets after ->need_negis set to false.

POC

Reference

No PoCs from references.

Github

• https://github.com/fkie-cad/nvd-json-data-feeds