mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
160 lines
5.5 KiB
JSON
160 lines
5.5 KiB
JSON
{
|
|
"id": "CVE-2023-52442",
|
|
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"published": "2024-02-21T08:15:45.547",
|
|
"lastModified": "2024-12-12T15:31:43.407",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in compound request\n\n`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()\nwill always return the first request smb2 header in a compound request.\nif `SMB2_TREE_CONNECT_HE` is the first command in compound request, will\nreturn 0, i.e. The tree id check is skipped.\nThis patch use ksmbd_req_buf_next() to get current command in compound."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: validar la identificaci\u00f3n de la sesi\u00f3n y la identificaci\u00f3n del \u00e1rbol en la solicitud compuesta `smb2_get_msg()` en smb2_get_ksmbd_tcon() y smb2_check_user_session() siempre devolver\u00e1 el encabezado smb2 de la primera solicitud en una solicitud compuesta. si `SMB2_TREE_CONNECT_HE` es el primer comando en la solicitud compuesta, devolver\u00e1 0, es decir, se omite la verificaci\u00f3n de identificaci\u00f3n del \u00e1rbol. Este parche usa ksmbd_req_buf_next() para obtener el comando actual en compuesto."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.15",
|
|
"versionEndExcluding": "5.15.145",
|
|
"matchCriteriaId": "6943BD04-722B-4B0F-810D-A5086EA877BB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.16",
|
|
"versionEndExcluding": "6.1.53",
|
|
"matchCriteriaId": "B20754AF-3B8C-4574-A70D-EC24933810E5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.2",
|
|
"versionEndExcluding": "6.4.16",
|
|
"matchCriteriaId": "C3039EA3-F6CA-43EF-9F17-81A7EC6841EF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
}
|
|
]
|
|
} |