Key Information

Vulnerability Description
CVE Number: CVE-2023-39179
Public Disclosure Date: June 10, 2024
Last Modified Date: November 15, 2024
Impact Level: Low
CVSS v3 Score: 7.5

Vulnerability Details
Issue Description: A flaw exists in the kernel's ksmbd module when processing SMB2 read requests. Due to insufficient validation of user-supplied data, it may lead to reading beyond the allocated buffer boundary. An attacker could exploit this to disclose sensitive information on affected Linux installations.
Affected Systems: Only systems with ksmbd enabled are affected.

Patch Information
Affected Products: Red Hat Enterprise Linux 6, 7, 8, 9
Status: Not affected

CVSS Score
CVSS v3 Score: 7.5
Score Details:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: Low

External References
- CVE-2023-39179
- NVD Details
- ZDI-24-586

Last Modified Date: November 15, 2024, 5:21:36 PM UTC
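
Because the advisory limits exposure to systems with ksmbd enabled, the following added example (not part of the Red Hat advisory) classifies a host's ksmbd kernel state from `/proc/modules`, the kernel config and `modprobe.d`. The function names and verdict words are this example's own; it assumes the module name `ksmbd` and the kernel option `CONFIG_SMB_SERVER`.

```shell
#!/bin/sh
# Added example: classify ksmbd kernel state. Paths are parameters so the
# logic can be exercised on constructed sample files as well as a live host.

# ksmbd_loaded FILE: succeed if FILE (/proc/modules format) lists ksmbd.
ksmbd_loaded() {
    grep -q '^ksmbd ' "$1" 2>/dev/null
}

# ksmbd_config FILE: print y, m, n or unknown for CONFIG_SMB_SERVER.
ksmbd_config() {
    [ -r "$1" ] || { echo unknown; return; }
    val=$(sed -n 's/^CONFIG_SMB_SERVER=\([ym]\)$/\1/p' "$1" | head -n 1)
    echo "${val:-n}"
}

# ksmbd_blocked DIR: succeed if a modprobe.d file overrides the install
# command for ksmbd. A bare "blacklist ksmbd" is deliberately not counted:
# it only stops alias-based autoloading, not an explicit "modprobe ksmbd".
ksmbd_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+ksmbd[[:space:]]+/bin/(false|true)([[:space:]]|$)' "$1"/*.conf
}

# ksmbd_status MODULES CONFIG MODPROBE_DIR: print one verdict word.
#   loaded   module is in the running kernel
#   builtin  compiled into the kernel image (cannot be unloaded)
#   loadable module is built and nothing prevents loading it
#   blocked  module is built but modprobe is overridden
#   absent   kernel was built without ksmbd
#   unknown  kernel config not readable, verdict needs another source
ksmbd_status() {
    if ksmbd_loaded "$1"; then echo loaded; return; fi
    case "$(ksmbd_config "$2")" in
        y) echo builtin ;;
        m) if ksmbd_blocked "$3"; then echo blocked; else echo loadable; fi ;;
        n) echo absent ;;
        *) echo unknown ;;
    esac
}

# Live host check (standard locations on most distributions).
ksmbd_status /proc/modules "/boot/config-$(uname -r)" /etc/modprobe.d
```

The verdict describes kernel state only; whether shares are actually being served also depends on the userspace ksmbd tooling being configured and started.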