216.73.217.64

CVE-2023-3866

· Published 16/08/2025 14:15 · Modified 16/08/2025 14:15

Labels: CVE-2023-3866 2025-08-16416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2023-3866

Essential information

Published
16/08/2025 14:15
Modified
16/08/2025 14:15
Author
Creator
CISA KEV
No
CWE

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypass session and tree validation. So work->sess and work->tcon could be NULL. If secound request in the compound access work->sess or tcon, It cause NULL pointer dereferecing error.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:*

References