CVE-2023-6606

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0723	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0897	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1188	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1248	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1404	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2094	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6606	Third Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=218218	Exploit Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2253611	Exploit Issue Tracking
https://access.redhat.com/errata/RHSA-2024:0723	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0897	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1188	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1248	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1404	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2094	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6606	Third Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=218218	Exploit Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2253611	Exploit Issue Tracking
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.4:-::::::
	cpe:2.3:o:linux:linux_kernel:6.4:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.4:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.4:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.4:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.7:rc6::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*

History

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -
References	~~() https://access.redhat.com/errata/RHSA-2024:0723 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2024:0723 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0725 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2024:0725 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0881 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2024:0881 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0897 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2024:0897 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1188 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2024:1188 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1248 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2024:1248 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1404 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2024:1404 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:2094 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2024:2094 - Third Party Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2023-6606 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2023-6606 - Third Party Advisory
References	~~() https://bugzilla.kernel.org/show_bug.cgi?id=218218 - Exploit, Issue Tracking~~	() https://bugzilla.kernel.org/show_bug.cgi?id=218218 - Exploit, Issue Tracking
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2253611 - Exploit, Issue Tracking~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2253611 - Exploit, Issue Tracking

25 Oct 2024, 16:37

Type	Values Removed	Values Added
CPE	cpe:2.3:o:linux:linux_kernel:-:::::::*	cpe:2.3:o:linux:linux_kernel:6.7:rc5:::::: cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:::::::* cpe:2.3:o:linux:linux_kernel:6.4:rc6:::::: cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:o:linux:linux_kernel:6.7:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.7:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.7:rc2:::::: cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:linux:linux_kernel:6.7:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.4:rc4:::::: cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:linux:linux_kernel:6.4:-:::::: cpe:2.3:o:linux:linux_kernel:6.7:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.4:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.4:rc7:::::: cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://access.redhat.com/errata/RHSA-2024:0723 -~~	() https://access.redhat.com/errata/RHSA-2024:0723 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0725 -~~	() https://access.redhat.com/errata/RHSA-2024:0725 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0881 -~~	() https://access.redhat.com/errata/RHSA-2024:0881 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0897 -~~	() https://access.redhat.com/errata/RHSA-2024:0897 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1188 -~~	() https://access.redhat.com/errata/RHSA-2024:1188 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1248 -~~	() https://access.redhat.com/errata/RHSA-2024:1248 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1404 -~~	() https://access.redhat.com/errata/RHSA-2024:1404 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:2094 -~~	() https://access.redhat.com/errata/RHSA-2024:2094 - Third Party Advisory
First Time		Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux Server Aus Redhat enterprise Linux Eus

14 Sep 2024, 00:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html', 'source': 'secalert@redhat.com'}~~

08 Jul 2024, 18:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2094 -

25 Jun 2024, 21:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -

19 Mar 2024, 23:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1404 -

12 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1188 - () https://access.redhat.com/errata/RHSA-2024:1248 -

20 Feb 2024, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0881 - () https://access.redhat.com/errata/RHSA-2024:0897 -

07 Feb 2024, 21:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0723 - () https://access.redhat.com/errata/RHSA-2024:0725 -

11 Jan 2024, 19:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html -

12 Dec 2023, 20:18

Type	Values Removed	Values Added
CWE		CWE-125
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
References	~~() https://bugzilla.kernel.org/show_bug.cgi?id=218218 -~~	() https://bugzilla.kernel.org/show_bug.cgi?id=218218 - Exploit, Issue Tracking
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2253611 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2253611 - Exploit, Issue Tracking
References	~~() https://access.redhat.com/security/cve/CVE-2023-6606 -~~	() https://access.redhat.com/security/cve/CVE-2023-6606 - Third Party Advisory
First Time		Redhat enterprise Linux Linux linux Kernel Redhat Linux

08 Dec 2023, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-08 17:15

Updated : 2024-11-21 08:44

NVD link : CVE-2023-6606

Mitre link : CVE-2023-6606

CVE.ORG link : CVE-2023-6606

JSON object : View

Products Affected

redhat

enterprise_linux_eus
enterprise_linux
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
enterprise_linux_server_aus

linux

linux_kernel

CWE

CWE-125

Out-of-bounds Read

7.1 /10