CVE-2023-1194
Summary
A critical out-of-bounds memory read vulnerability exists in the KSMBD implementation of the Linux kernel's samba server and CIFS. Attackers can exploit this flaw by sending a malformed CREATE command to KSMBD, leading to access of invalid memory due to a missing check in the `parse_lease_state()` function.
IFF Assessment
FOE
This vulnerability allows an attacker to read out-of-bounds memory, potentially leading to information disclosure or denial-of-service, which is detrimental to defenders.
Severity
7.1
High
Defender Context
This vulnerability, CVE-2023-1194, affects the Linux kernel's SMB server implementation. Defenders need to ensure their systems are patched to prevent potential information disclosure or denial-of-service attacks originating from malformed SMB CREATE requests.