AI description
CVE-2023-52440 is a vulnerability in the Linux kernel's in-kernel SMB server, ksmbd. It is a potential slub (slab) overflow in `ksmbd_decode_ntlmssp_auth_blob()`, the function that parses the NTLMSSP AUTHENTICATE message a client sends during session setup. The client-supplied `authblob->SessionKey.Length` is passed to `cifs_arc4_crypt()` without being compared against the size of the destination: the RC4 routine decrypts that many bytes of the client's `SessionKey` buffer into the session's fixed-size key array (`CIFS_KEY_SIZE` bytes). A length larger than `CIFS_KEY_SIZE` therefore writes past the end of the array into adjacent slab memory during the key exchange step. The fix rejects any `SessionKey.Length` greater than `CIFS_KEY_SIZE` before the decryption runs.
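The decode path described above, reduced to a stand-alone C model. This is an added illustration, not ksmbd's code: the 32-byte "slab object" standing in for the session structure, the constructed AUTHENTICATE blob and all helper names (`decode_auth_blob`, `run_model`, `model_rc`, `model_clobbered`) are assumptions of the model, while `CIFS_KEY_SIZE` and the NTLMSSP header layout follow ksmbd and MS-NLMP. The `hardened=0` path reproduces the pre-fix logic (only the in-blob bounds check) and shows the bytes after the 16-byte key being overwritten; `hardened=1` adds the length check the fix introduced and rejects the same blob with -EINVAL.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model (not ksmbd's code) of the key-exchange path behind CVE-2023-52440. Sizes and
 * flags follow ksmbd/MS-NLMP; the 32-byte "slab object" is an assumption of the model. */
#define CIFS_KEY_SIZE             16          /* size of sess->sess_key in ksmbd */
#define NTLMSSP_NEGOTIATE_KEY_XCH 0x40000000U /* MS-NLMP: an encrypted session key is present */
#define AUTH_HDR_LEN              64          /* AUTHENTICATE_MESSAGE header through NegotiateFlags */
#define OBJ_SIZE                  32          /* modelled object: key at [0,16), neighbour at [16,32) */
#define NEIGHBOUR_FILL            0xEE        /* pattern after the key, so damage is visible */

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(unsigned char *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(unsigned char *p, uint32_t v) { wr16(p, v & 0xffff); wr16(p + 2, v >> 16); }

/* Minimal RC4 with the shape of cifs_arc4_setkey()/cifs_arc4_crypt(). */
struct arc4_ctx { unsigned char S[256], x, y; };

static void arc4_setkey(struct arc4_ctx *c, const unsigned char *key, size_t klen)
{
    unsigned int i, j = 0, k = 0;
    for (i = 0; i < 256; i++) c->S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++, k = (k + 1) % klen) {
        unsigned char t = c->S[i];
        j = (j + t + key[k]) & 0xff;
        c->S[i] = c->S[j]; c->S[j] = t;
    }
    c->x = c->y = 0;
}

static void arc4_crypt(struct arc4_ctx *c, unsigned char *out, const unsigned char *in, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char t;
        c->x = (unsigned char)(c->x + 1);
        c->y = (unsigned char)(c->y + c->S[c->x]);
        t = c->S[c->x]; c->S[c->x] = c->S[c->y]; c->S[c->y] = t;
        out[i] = in[i] ^ c->S[(c->S[c->x] + c->S[c->y]) & 0xff];
    }
}

/* SessionKey handling as in ksmbd_decode_ntlmssp_auth_blob(): hardened=0 is the pre-fix
 * logic, hardened=1 adds the fix's check. Returns bytes written to obj or -errno. */
static int decode_auth_blob(const unsigned char *blob, size_t blob_len, unsigned char *obj, int hardened)
{
    struct arc4_ctx ctx;
    if (blob_len < AUTH_HDR_LEN || memcmp(blob, "NTLMSSP", 8) != 0 || rd32(blob + 8) != 3)
        return -EINVAL;                              /* not an NtLmAuthenticate message */
    if (!(rd32(blob + 60) & NTLMSSP_NEGOTIATE_KEY_XCH))
        return 0;                                    /* no key exchange, nothing is written */
    uint16_t sess_key_len = rd16(blob + 52);         /* SessionKey.Length: client controlled */
    uint32_t sess_key_off = rd32(blob + 56);         /* SessionKey.BufferOffset */
    if (blob_len < (uint64_t)sess_key_off + sess_key_len)
        return -EINVAL;                              /* the only check the pre-fix code makes */
    if (hardened && sess_key_len > CIFS_KEY_SIZE)
        return -EINVAL;                              /* the fix: bound by the destination array */
    if (sess_key_len > OBJ_SIZE)                     /* model-only guard so this program stays in */
        return -E2BIG;                               /* bounds; unpatched ksmbd has no such limit */
    /* RC4 is keyed with the current session key, then the client's buffer is decrypted over
     * it: sess_key_len bytes land at obj[0..], past the 16-byte key if Length is larger. */
    arc4_setkey(&ctx, obj, CIFS_KEY_SIZE);
    arc4_crypt(&ctx, obj, blob + sess_key_off, sess_key_len);
    return sess_key_len;
}

/* Constructed AUTHENTICATE blob (not captured traffic) with a key_len-byte SessionKey
 * placed right after the header. Returns the blob length, 0 if it does not fit. */
static size_t build_auth_blob(unsigned char *out, size_t cap, uint16_t key_len)
{
    if (cap < (size_t)AUTH_HDR_LEN + key_len) return 0;
    memset(out, 0, AUTH_HDR_LEN + key_len);          /* other security buffers stay empty */
    memcpy(out, "NTLMSSP", 8);
    wr32(out + 8, 3);                                /* MessageType = NtLmAuthenticate */
    wr16(out + 52, key_len);                         /* SessionKey.Length */
    wr16(out + 54, key_len);                         /* SessionKey.MaximumLength */
    wr32(out + 56, AUTH_HDR_LEN);                    /* SessionKey.BufferOffset */
    wr32(out + 60, NTLMSSP_NEGOTIATE_KEY_XCH);
    for (size_t i = 0; i < key_len; i++) out[AUTH_HDR_LEN + i] = (unsigned char)(0xA0 + i);
    return AUTH_HDR_LEN + key_len;
}

/* One scenario on a freshly filled object: returns decode_auth_blob()'s result and, via
 * *clobbered, how many bytes after the key lost their fill value. */
static int run_model(uint16_t key_len, int hardened, int *clobbered)
{
    unsigned char obj[OBJ_SIZE], blob[128];
    size_t blob_len = build_auth_blob(blob, sizeof blob, key_len);
    memset(obj, 0x11, CIFS_KEY_SIZE);                                      /* current session key */
    memset(obj + CIFS_KEY_SIZE, NEIGHBOUR_FILL, OBJ_SIZE - CIFS_KEY_SIZE); /* what follows it */
    int rc = blob_len ? decode_auth_blob(blob, blob_len, obj, hardened) : -E2BIG;
    *clobbered = 0;
    for (int i = CIFS_KEY_SIZE; i < OBJ_SIZE; i++) *clobbered += obj[i] != NEIGHBOUR_FILL;
    return rc;
}
static int model_rc(uint16_t key_len, int hardened) { int n; return run_model(key_len, hardened, &n); }
static int model_clobbered(uint16_t key_len, int hardened) { int n; run_model(key_len, hardened, &n); return n; }

int main(void)
{
    int n, rc = run_model(24, 0, &n);
    printf("pre-fix, SessionKey.Length=24: rc=%d, bytes after the key clobbered=%d\n", rc, n);
    rc = run_model(24, 1, &n);
    printf("patched, SessionKey.Length=24: rc=%d (EINVAL=%d), clobbered=%d\n", rc, EINVAL, n);
    return 0;
}
```

Build with `cc -std=c99 -Wall model.c`. With Length=24 the pre-fix path returns 24 and overwrites the eight bytes that follow the key; in real ksmbd those bytes belong to the rest of the session object and, for larger lengths, to neighbouring slab objects, which is what the slub overflow in the advisory refers to. The model clamps at 32 bytes only to keep the demonstration itself memory-safe.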
- Description
- In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length is bigger than the session key size (CIFS_KEY_SIZE), a slub overflow can happen in the key exchange code. cifs_arc4_crypt copies to the session key array from the SessionKey from the client.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
Exploit chains CVE-2023-52440 & CVE-2023-4130 in Linux kernel SMB3 daemon (ksmbd) for remote code execution on Linux 6.1.45. Uses NTLM auth flaws to overflow heap & corrupt ksmbd_conn object, achieving ROP-based code execution via call_usermodehelper.
@bigmacd16684
16 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A PoC (proof-of-concept attack code) has been disclosed that chains the Linux kernel ksmbd vulnerabilities CVE-2023-52440 and CVE-2023-4130 to obtain a reverse shell. CVE-2023-52440 is an overflow and CVE-2023-4130 is a leak (out-of-bounds read),
@__kokumoto
16 Sept 2025
1145 Impressions
4 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
GitHub - BitsByWill/ksmbd-n-day: Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130 https://t.co/LghnmZ29sW
@akaclandestine
14 Sept 2025
1573 Impressions
0 Retweets
13 Likes
12 Bookmarks
0 Replies
0 Quotes
Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) https://t.co/Cbk9MBo91v Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration! https:/
@cor_ctf
14 Sept 2025
52750 Impressions
156 Retweets
589 Likes
282 Bookmarks
10 Replies
4 Quotes
CVE-2023-4533 04/30/2025 10:15:16 PM Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. It was assigned as a duplicate of CVE-2023-52440
@CVETracker
1 May 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "169F25B6-7A66-437D-B095-420A0C9D2628",
"versionEndExcluding": "6.1.52",
"versionStartIncluding": "5.17.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB08B8F4-BEEF-473F-8A44-8C0DC24B919C",
"versionEndExcluding": "6.4.15",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "496F2478-0324-4792-B3ED-95D8884323A4",
"versionEndExcluding": "6.5.2",
"versionStartIncluding": "6.5.0"
}
],
"operator": "OR"
}
]
}
]