CVE-2023-4130
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-4130
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4130.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-4130
- Downstream
- Related
- Published
- 2025-08-16T13:27:58.227Z
- Modified
- 2025-11-28T02:35:35.026060Z
- Summary
- ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix wrong next length validation of ea buffer in smb2setea()
There are multiple smb2eainfo buffers in FILEFULLEAINFORMATION request from client. ksmbd find next smb2eainfo using ->NextEntryOffset of current smb2eainfo. ksmbd need to validate buffer length Before accessing the next ea. ksmbd should check buffer length using buflen, not next variable. next is the start offset of current ea that got from previous ea.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4130.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/4bf629262f9118ee91b1c3a518ebf2b3bcb22180
- https://git.kernel.org/stable/c/79ed288cef201f1f212dfb934bcaac75572fb8f6
- https://git.kernel.org/stable/c/aeb974907642be095e38ecb1a400ca583958b2b0
- https://git.kernel.org/stable/c/f339d76a3a972601d0738b881b099d49ebbdc3a2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4130.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-4130
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0626e6641f6b467447c81dd7678a69c66f7746cfFixedaeb974907642be095e38ecb1a400ca583958b2b0Fixedf339d76a3a972601d0738b881b099d49ebbdc3a2Fixed4bf629262f9118ee91b1c3a518ebf2b3bcb22180Fixed79ed288cef201f1f212dfb934bcaac75572fb8f6