CVE-2023-6606

Description

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

CVSS Metrics

• v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

• CWE-125•Out-of-bounds Read

  The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

• linux•linux_kernel

  ≥ 6.4.1, < 6.7 | 6.4 | 6.4:rc4 | 6.4:rc5 | 6.4:rc6 | 6.4:rc7 | 6.7:rc1 | 6.7:rc2 | 6.7:rc3 | 6.7:rc4 | 6.7:rc5 | 6.7:rc6

• redhat•enterprise_linux

  8.0 | 9.0

• redhat•enterprise_linux_eus

  9.2 | 9.4

• redhat•enterprise_linux_server_aus

  9.2 | 9.4

• redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

  9.2 | 9.2_ppc64le

References (13)

• https://access.redhat.com/errata/RHSA-2024:0723
• https://access.redhat.com/errata/RHSA-2024:0725
• https://access.redhat.com/errata/RHSA-2024:0881
• https://access.redhat.com/errata/RHSA-2024:0897
• https://access.redhat.com/errata/RHSA-2024:1188
• https://access.redhat.com/errata/RHSA-2024:1248
• https://access.redhat.com/errata/RHSA-2024:1404
• https://access.redhat.com/errata/RHSA-2024:2094
• https://access.redhat.com/security/cve/CVE-2023-6606
• https://bugzilla.kernel.org/show_bug.cgi?id=218218
• https://bugzilla.redhat.com/show_bug.cgi?id=2253611
• https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html