View at Official redhat advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
A flaw was found in the ksmbd module of the Linux kernel. A remote attacker can exploit this vulnerability by sending a specially crafted compound request, specifically a combination of QUERY_DIRECTORY and QUERY_INFO. Due to a missing validation check for the client-provided output buffer length, an out-of-bounds write can occur when processing filenames. This can lead to memory corruption, potentially causing a denial of service or other unpredictable system behavior.
A flaw was found in the ksmbd module of the Linux kernel. A remote attacker can exploit this vulnerability by sending a specially crafted compound request, specifically a combination of QUERY_DIRECTORY and QUERY_INFO. Due to a missing validation check for the client-provided output buffer length, an out-of-bounds write can occur when processing filenames. This can lead to memory corruption, potentially causing a denial of service or other unpredictable system behavior.