Linux Kernel ksmbd Out-of-Bounds Read Vulnerability Due to Insufficient Sub-Authorization Validation

Vulnerability

A vulnerability in the Linux kernel's ksmbd component allows for an out-of-bounds read. This issue arises because the number of sub-authorizations is not properly validated before accessing the sub-authorization data. The vulnerability has been addressed by adding a validation step to ensure that the number of sub-authorizations is non-zero before accessing the related data.

Impact

Exploitation of this vulnerability leads to an out-of-bounds read, which can potentially be exploited to read sensitive information from memory or cause a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ksmbd Out-of-Bounds Read Vulnerability Due to Insufficient Sub-Authorization Validation

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating