CVE-2023-3866

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3866

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3866.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-3866

Downstream

BELL-CVE-2023-3866

DEBIAN-CVE-2023-3866

OESA-2023-1614

OESA-2023-1615

OESA-2023-1616

UBUNTU-CVE-2023-3866

USN-6416-1

USN-6416-2

USN-6416-3

USN-6445-1

USN-6445-2

USN-6464-1

USN-6466-1

USN-6520-1

Published

2025-08-16T14:15:27Z

Modified

2025-08-18T20:16:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate session id and tree id in the compound request

This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypass session and tree validation. So work->sess and work->tcon could be NULL. If secound request in the compound access work->sess or tcon, It cause NULL pointer dereferecing error.

References

Affected packages