CVE-2023-52434

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52434
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52434.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52434
Downstream
Related
Published
2024-02-20T18:15:50Z
Modified
2025-08-09T20:01:26Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential OOBs in smb2_parse_contexts()

Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts().

This fixes the following oops when accessing invalid create contexts from the server:

  BUG: unable to handle page fault for address: ffff8881178d8cc3
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 4a01067 P4D 4a01067 PUD 0
  Oops: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
  RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
  Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
  RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
  RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
  RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
  RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
  R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
  R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
  FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
  PKRU: 55555554
  Call Trace:
   <TASK>
   ? __die+0x23/0x70
   ? page_fault_oops+0x181/0x480
   ? search_module_extables+0x19/0x60
   ? srso_alias_return_thunk+0x5/0xfbef5
   ? exc_page_fault+0x1b6/0x1c0
   ? asm_exc_page_fault+0x26/0x30
   ? smb2_parse_contexts+0xa0/0x3a0 [cifs]
   SMB2_open+0x38d/0x5f0 [cifs]
   ? smb2_is_path_accessible+0x138/0x260 [cifs]
   smb2_is_path_accessible+0x138/0x260 [cifs]
   cifs_is_path_remote+0x8d/0x230 [cifs]
   cifs_mount+0x7e/0x350 [cifs]
   cifs_smb3_do_mount+0x128/0x780 [cifs]
   smb3_get_tree+0xd9/0x290 [cifs]
   vfs_get_tree+0x2c/0x100
   ? capable+0x37/0x70
   path_mount+0x2d7/0xb80
   ? srso_alias_return_thunk+0x5/0xfbef5
   ? _raw_spin_unlock_irqrestore+0x44/0x60
   __x64_sys_mount+0x11a/0x150
   do_syscall_64+0x47/0xf0
   entry_SYSCALL_64_after_hwframe+0x6f/0x77
  RIP: 0033:0x7f8737657b1e

References

Affected packages