mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-04 18:08:00 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2023-4130
Description
In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION requestfrom client. ksmbd find next smb2_ea_info using ->NextEntryOffset ofcurrent smb2_ea_info. ksmbd need to validate buffer length Beforeaccessing the next ea. ksmbd should check buffer length using buf_len,not next variable. next is the start offset of current ea that got fromprevious ea.
POC
Reference
No PoCs from references.