AI description
CVE-2023-4130 is a vulnerability in the Linux kernel's ksmbd server, in its handling of FILE_FULL_EA_INFORMATION requests. The flaw is in the `smb2_set_ea()` function, which processes multiple `smb2_ea_info` buffers using the `NextEntryOffset` field. ksmbd validates the length of the next extended attribute (EA) buffer against the `next` offset instead of the actual buffer length (`buf_len`). Because `next` is the offset of the current EA rather than the remaining buffer size, this mistake could lead to an out-of-bounds access when parsing subsequent entries.
- Description
- In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea(). There are multiple smb2_ea_info buffers in a FILE_FULL_EA_INFORMATION request from the client. ksmbd finds the next smb2_ea_info using ->NextEntryOffset of the current smb2_ea_info. ksmbd needs to validate the buffer length before accessing the next ea. ksmbd should check the buffer length using buf_len, not the next variable. next is the start offset of the current ea, obtained from the previous ea.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
- Products
- linux_kernel
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- Hype score
- Not currently trending
Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days William Liu @cor_ctf posted an article about exploiting a slab object overflow (CVE-2023-52440) and remote infoleak (CVE-2023-4130) in the kernel SMB3 daemon to gain RCE https://t.co/kqvwX9NbSK https://t
@linkersec
1 Oct 2025
Exploit chains CVE-2023-52440 & CVE-2023-4130 in Linux kernel SMB3 daemon (ksmbd) for remote code execution on Linux 6.1.45. Uses NTLM auth flaws to overflow heap & corrupt ksmbd_conn object, achieving ROP-based code execution via call_usermodehelper.
@bigmacd16684
16 Sept 2025
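A PoC (proof-of-concept attack code) has been disclosed that chains the Linux kernel ksmbd vulnerabilities CVE-2023-52440 and CVE-2023-4130 to obtain a reverse shell. CVE-2023-52440 is an overflow and CVE-2023-4130 is a leak (out-of-bounds read), and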
@__kokumoto
16 Sept 2025
GitHub - BitsByWill/ksmbd-n-day: Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130 https://t.co/LghnmZ29sW
@akaclandestine
14 Sept 2025
Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) https://t.co/Cbk9MBo91v Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration! https:/
@cor_ctf
14 Sept 2025
CVE-2023-4130 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_i… https://t.co/VOzPxaF4k1
@CVEnew
16 Aug 2025
CVE-2023-4130 Linux Kernel SMB Server Buffer Validation Vulnerability in ksmbd https://t.co/det1EDBcD4
@VulmonFeeds
16 Aug 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73A72E27-1F7D-4EF0-B826-78FD0D86735C",
            "versionEndExcluding": "5.15.127",
            "versionStartIncluding": "5.15"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8B8CC90-9492-465C-81D4-10DA3B712286",
            "versionEndExcluding": "6.1.46",
            "versionStartIncluding": "5.16"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C36FD9E6-B6D7-4887-8F08-C1F64E139D5C",
            "versionEndExcluding": "6.4.11",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2226A776-DF8C-49E0-A030-0A7853BB018A"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F15C659-DF06-455A-9765-0E6DE920F29A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]