CVE-2023-4130

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of current smb2_ea_info. ksmbd need to validate buffer length Before accessing the next ea. ksmbd should check buffer length using buf_len, not next variable. next is the start offset of current ea that got from previous ea.

CVSS

No CVSS.

References

Link	Resource
https://git.kernel.org/stable/c/4bf629262f9118ee91b1c3a518ebf2b3bcb22180
https://git.kernel.org/stable/c/79ed288cef201f1f212dfb934bcaac75572fb8f6
https://git.kernel.org/stable/c/aeb974907642be095e38ecb1a400ca583958b2b0
https://git.kernel.org/stable/c/f339d76a3a972601d0738b881b099d49ebbdc3a2

Configurations

No configuration.

History

18 Aug 2025, 20:16

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrige la siguiente validación de longitud incorrecta del búfer ea en smb2_set_ea() Hay múltiples búferes smb2_ea_info en la solicitud FILE_FULL_EA_INFORMATION del cliente. ksmbd encuentra el siguiente smb2_ea_info usando ->NextEntryOffset del smb2_ea_info actual. ksmbd necesita validar la longitud del búfer antes de acceder al siguiente ea. ksmbd debe verificar la longitud del búfer usando buf_len, no la variable next. next es el desplazamiento de inicio del ea actual que se obtuvo del ea anterior.

16 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-16 14:15

Updated : 2025-08-18 20:16

NVD link : CVE-2023-4130

Mitre link : CVE-2023-4130

CVE.ORG link : CVE-2023-4130

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2023-4130

Attach tags to `CVE-2023-4130`