CVE-2023-3865

Advisory lineage Upstream: 0 Downstream: 10

Downstream

DEBIAN-CVE-2023-3865 UBUNTU-CVE-2023-3865 USN-6416-1 USN-6416-2 USN-6416-3 USN-6445-1

Analyzed

Published: 16 Aug 2025, 13:27

Last modified:11 May 2026, 19:27

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7.1 HIGH

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Aug 2025, 13:27

Published

Vulnerability first disclosed

11 May 2026, 19:27

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bound read in smb2_write ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If ->NextCommand is bigger than Offset + Length of smb2 write, It will allow oversized smb2 write length. It will cause OOB read in smb2_write.

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 6%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < 3813eee5154d6a4c5875cb4444cb2b63bac8947f | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < c86211159bc3178b891e0d60e586a32c7b6a231b | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < 58a9c41064df27632e780c5a3ae3e0e4284957d1 | ≥ 0626e6641f6b467447c81dd7678a69c66f7746cf, < 5fe7f7b78290638806211046a99f031ff26164e1 | 5.15
linux•linux_kernel
≥ 5.15, < 5.15.121 | ≥ 5.16, < 6.1.36 | ≥ 6.2, < 6.3.10 | 6.4:rc1 | 6.4:rc2 | 6.4:rc3 | 6.4:rc4 | 6.4:rc5 | 6.4:rc6 | 6.4:rc7