CVE-2023-4130

Published Aug 16, 2025

Last updated a month ago

Linux Kernel

Overview

AI description

Automated description summarized from trusted sources.

CVE-2023-4130 is a vulnerability in the Linux kernel's ksmbd server implementation, in its handling of FILE_FULL_EA_INFORMATION requests. The flaw is in the `smb2_set_ea()` function, which processes multiple `smb2_ea_info` buffers by following the `NextEntryOffset` field. ksmbd incorrectly validates the length of the next extended attribute (EA) buffer against the `next` offset instead of the actual buffer length (`buf_len`). Because `next` is the offset of the current EA rather than the remaining buffer size, this mistake could lead to an out-of-bounds access when parsing subsequent entries.
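The length check described above, modeled in userspace C as an added example (not the kernel's code and not taken from this page's sources). `walk_ea()`, the simplified 8-byte `ea_hdr` layout, the `check` modes and the constructed sample buffer are assumptions made for illustration; the same chained buffer is walked once validating the next entry against `next` and once against the remaining `buf_len`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified 8-byte EA entry header (host byte order; a model, not the kernel struct). */
struct ea_hdr { uint32_t next; uint8_t flags; uint8_t name_len; uint16_t value_len; };

enum check { CHECK_NEXT /* flawed */, CHECK_BUF_LEN /* corrected */ };

/* Walk chained entries in buf[0..declared). Returns entries accepted, or -1 on
 * rejection. *escaped is set if an accepted entry ends past `declared`.
 * The backing array needs sizeof(struct ea_hdr) spare bytes after `declared`
 * so that the flawed mode of this model never reads outside real storage. */
int walk_ea(const uint8_t *buf, size_t declared, enum check mode, int *escaped)
{
    struct ea_hdr h;
    size_t off = 0, buf_len = declared;
    int n = 0;

    *escaped = 0;
    if (buf_len < sizeof(h)) return -1;
    memcpy(&h, buf, sizeof(h));
    if (buf_len < sizeof(h) + h.name_len + h.value_len) return -1;
    for (;;) {
        n++;
        if (off + sizeof(h) + h.name_len + h.value_len > declared) *escaped = 1;
        uint32_t next = h.next;
        if (next == 0) return n;          /* last entry in the chain */
        if (buf_len < next) return -1;
        buf_len -= next;                  /* bytes left from the new entry onward */
        off += next;
        if (mode == CHECK_BUF_LEN && buf_len < sizeof(h)) return -1;
        memcpy(&h, buf + off, sizeof(h));
        size_t body = (size_t)h.name_len + h.value_len;
        /* Flawed: compares against the offset just consumed, not what remains. */
        if (mode == CHECK_NEXT ? next < body : buf_len < sizeof(h) + body)
            return -1;
    }
}

/* Constructed sample: entry 0 is 8+4+4 = 16 bytes and points 16 bytes ahead;
 * entry 1 claims 8+4+12 = 24 bytes but only 8 declared bytes remain. */
int sample(enum check mode, int *escaped)
{
    static uint8_t buf[24 + sizeof(struct ea_hdr)];
    struct ea_hdr e0 = { 16, 0, 4, 4 }, e1 = { 0, 0, 4, 12 };
    memset(buf, 0, sizeof(buf));
    memcpy(buf, &e0, sizeof(e0));
    memcpy(buf + 16, &e1, sizeof(e1));
    return walk_ea(buf, 24, mode, escaped);
}
```

On the constructed sample, the `CHECK_NEXT` walk accepts both entries although the second ends past the declared length, while the `CHECK_BUF_LEN` walk rejects the buffer.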

Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea(). There are multiple smb2_ea_info buffers in a FILE_FULL_EA_INFORMATION request from the client. ksmbd finds the next smb2_ea_info using ->NextEntryOffset of the current smb2_ea_info. ksmbd needs to validate the buffer length before accessing the next ea. ksmbd should check the buffer length using buf_len, not the next variable. next is the start offset of the current ea, obtained from the previous ea.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Awaiting Analysis

Social media

Hype score
Not currently trending
  1. Exploit chains CVE-2023-52440 & CVE-2023-4130 in Linux kernel SMB3 daemon (ksmbd) for remote code execution on Linux 6.1.45. Uses NTLM auth flaws to overflow heap & corrupt ksmbd_conn object, achieving ROP-based code execution via call_usermodehelper.

    @bigmacd16684

    16 Sept 2025


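  2. A PoC (proof-of-concept attack code) has been disclosed that chains the ksmbd vulnerabilities CVE-2023-52440 and CVE-2023-4130 in the Linux kernel to obtain a reverse shell. CVE-2023-52440 is an overflow and CVE-2023-4130 is a leak (out-of-bounds read),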

    @__kokumoto

    16 Sept 2025


  3. GitHub - BitsByWill/ksmbd-n-day: Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130 https://t.co/LghnmZ29sW

    @akaclandestine

    14 Sept 2025


  4. Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) https://t.co/Cbk9MBo91v Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration! https:/

    @cor_ctf

    14 Sept 2025


  5. CVE-2023-4130 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_i… https://t.co/VOzPxaF4k1

    @CVEnew

    16 Aug 2025


  6. CVE-2023-4130 Linux Kernel SMB Server Buffer Validation Vulnerability in ksmbd https://t.co/det1EDBcD4

    @VulmonFeeds

    16 Aug 2025
