Vulnerability DatabaseCVE-2023-3865
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-3865
Published:August 16, 2025
Updated:May 12, 2026
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bound read in smb2_write ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If ->NextCommand is bigger than Offset + Length of smb2 write, It will allow oversized smb2 write length. It will cause OOB read in smb2_write.
Related Resources (9)
https://nvd.nist.gov/vuln/detail/CVE-2023-3865
https://git.kernel.org/stable/c/3813eee5154d6a4c5875cb4444cb2b63bac8947f
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
https://git.kernel.org/stable/c/58a9c41064df27632e780c5a3ae3e0e4284957d1
https://git.kernel.org/stable/c/5fe7f7b78290638806211046a99f031ff26164e1
https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3865.json
https://www.zerodayinitiative.com/advisories/ZDI-23-980/
https://github.com/gregkh/linux/commit/5fe7f7b78290638806211046a99f031ff26164e1
https://git.kernel.org/stable/c/c86211159bc3178b891e0d60e586a32c7b6a231b
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Out-of-bounds Read
CWE-125
EPSS
Base Score:
0.02