Vulnerability DatabaseCVE-2023-3867
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-3867
Published:August 16, 2025
Updated:May 13, 2026
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first payload in the smb2_sess_setup().
Related Resources (9)
https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3867.json
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
https://git.kernel.org/stable/c/676392184785ace61e939831e7ca44a03d438c3b
https://github.com/gregkh/linux/commit/7b7d709ef7cf285309157fb94c33f625dd22c5e1
https://git.kernel.org/stable/c/98422bdd4cb3ca4d08844046f6507d7ec2c2b8d8
https://nvd.nist.gov/vuln/detail/CVE-2023-3867
https://git.kernel.org/stable/c/2ba03cecb12ac7ac9e0170e251543c56832d9959
https://www.zerodayinitiative.com/advisories/ZDI-23-981/
https://git.kernel.org/stable/c/ef572ffa8eb44111eed2925fbb2adca78bdcbf61
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Out-of-bounds Read
CWE-125
EPSS
Base Score:
0.11