CVE-2023-52434: smb: client: fix potential OOBs in smb2_parse_contexts()

Published Feb 20, 2024

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential OOBs in smb2_parse_contexts()

Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts().

This fixes the following oops when accessing invalid create contexts from server:

BUG: unable to handle page fault for address: ffff8881178d8cc3
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4a01067 P4D 4a01067 PUD 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
FS:  00007f873753cbc0(0000) GS:ffff88806bc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
 ? die+0x23/0x70
 ? page_fault_oops+0x181/0x480
 ? search_module_extables+0x19/0x60
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? exc_page_fault+0x1b6/0x1c0
 ? asm_exc_page_fault+0x26/0x30
 ? smb2_parse_contexts+0xa0/0x3a0 [cifs]
 SMB2_open+0x38d/0x5f0 [cifs]
 ? smb2_is_path_accessible+0x138/0x260 [cifs]
 smb2_is_path_accessible+0x138/0x260 [cifs]
 cifs_is_path_remote+0x8d/0x230 [cifs]
 cifs_mount+0x7e/0x350 [cifs]
 cifs_smb3_do_mount+0x128/0x780 [cifs]
 smb3_get_tree+0xd9/0x290 [cifs]
 vfs_get_tree+0x2c/0x100
 ? capable+0x37/0x70
 path_mount+0x2d7/0xb80
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? _raw_spin_unlock_irqrestore+0x44/0x60
 __x64_sys_mount+0x11a/0x150
 do_syscall_64+0x47/0xf0
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f8737657b1e
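The fix described above is a bounds-check problem: the server controls the create-context offsets and lengths in its CREATE response, and the client must check each one against the bytes it actually received before reading through it. The following is an added example in C, not the kernel's code and not from this advisory: a hardened walk over an SMB2 create-context chain whose field layout follows MS-SMB2 2.2.14.2. The names parse_create_contexts and parse_with_nameoff and the sample_rsp buffer are constructed for this illustration.

```c
#include <stdint.h>
#include <string.h>

/* SMB2_CREATE_CONTEXT header (MS-SMB2 2.2.14.2), little-endian, 16 bytes: Next(4) NameOffset(2)
 * NameLength(2) Reserved(2) DataOffset(2) DataLength(4); offsets are relative to the context start. */
#define CC_HDR_LEN 16
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* Hypothetical hardened walker (added example, not the kernel's code): each offset and length is
 * checked against the bytes actually received before the field it guards is read. Returns the context count, or -1 if malformed. */
int parse_create_contexts(const uint8_t *rsp, size_t rsp_len, uint32_t off, uint32_t len)
{
    int count = 0;
    if (off > rsp_len || len > rsp_len - off) return -1;   /* whole chain must lie inside the response */
    const uint8_t *cc = rsp + off;
    while (len) {                                           /* len == 0: the server sent no contexts */
        if (len < CC_HDR_LEN) return -1;                    /* truncated header */
        uint32_t next = le32(cc), dlen = le32(cc + 12);
        uint16_t noff = le16(cc + 4), nlen = le16(cc + 6), doff = le16(cc + 10);
        if (noff < CC_HDR_LEN || noff > len || nlen > len - noff)
            return -1;                                      /* name outside this context's bytes */
        if (dlen && (doff < CC_HDR_LEN || doff > len || dlen > len - doff))
            return -1;                                      /* data outside this context's bytes */
        count++;
        if (next == 0)
            break;                                          /* last context in the chain */
        if (next < CC_HDR_LEN || next > len - CC_HDR_LEN)
            return -1;                                      /* Next overlaps this header or leaves no room */
        cc += next;
        len -= next;
    }
    return count;
}

/* Constructed response: 8 bytes of unrelated header, then two contexts starting at offset 8:
 * "MxAc" with 8 data bytes (Next = 32) and "QFid" with no data (Next = 0). 60 bytes in total. */
static const uint8_t sample_rsp[] = {
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
    32, 0, 0, 0, 16, 0, 4, 0, 0, 0, 24, 0, 8, 0, 0, 0, 'M', 'x', 'A', 'c', 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8,
    0, 0, 0, 0, 16, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 'Q', 'F', 'i', 'd',
};
/* Walk a copy of the sample with the first context's NameOffset overwritten (16 is the legitimate value). */
int parse_with_nameoff(uint16_t nameoff)
{
    uint8_t rsp[sizeof sample_rsp];
    memcpy(rsp, sample_rsp, sizeof rsp);
    rsp[12] = (uint8_t)nameoff;  rsp[13] = (uint8_t)(nameoff >> 8);
    return parse_create_contexts(rsp, sizeof rsp, 8, 52);
}
```

Every rejection happens on the arithmetic alone; no byte beyond the received buffer is ever dereferenced, which is the property the kernel fix restores.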

Affected Software

16 affected components (fixes available)

Linux / Linux kernel: >=5.3, <5.4.277
Linux / Linux kernel: >=5.5, <5.10.211
Linux / Linux kernel: >=5.11, <5.15.150
Linux / Linux kernel: >=5.16, <=6.1.79
Linux / Linux kernel: >=6.2, <6.6.8
Linux / Linux kernel: =6.7-rc1
Linux / Linux kernel: =6.7-rc2
Linux / Linux kernel: =6.7-rc3
Linux / Linux kernel: =6.7-rc4
Linux / Linux kernel: =6.7-rc5
Debian / Debian Linux: =10.0
IBM / Security Verify Governance: <=ISVG 10.0.2
IBM / Security Verify Governance, Identity Manager Software Stack: <=ISVG 10.0.2
IBM / Security Verify Governance, Identity Manager Virtual Appliance: <=ISVG 10.0.2
IBM / Security Verify Governance Identity Manager Container: <=ISVG 10.0.2
debian/linux (fixes available): 5.10.223-1, 5.10.234-1, 6.1.129-1, 6.1.135-1, 6.12.25-1

Event History

Feb 20, 2024
  CVE Published via MITRE, 06:04 PM
  Data Sourced via MITRE, 06:04 PM (Description)
Feb 21, 2024
  Data Sourced via Red Hat, 09:22 AM (Description, Severity, Affected Software)
May 30, 2024
  Data Sourced via Launchpad, 10:07 PM (Description)
Apr 27, 2025
  Data Sourced via Ubuntu, 11:16 PM (Remedy, Description, Severity, Affected Software)

Frequently Asked Questions

1. What is the severity of CVE-2023-52434?

CVE-2023-52434 has been classified as a moderate severity vulnerability due to potential out-of-bounds access affecting the Linux kernel.

2. How do I fix CVE-2023-52434?

To fix CVE-2023-52434, update your Linux kernel to a version that includes the patch for this vulnerability, specifically versions like 5.10.223-1, 6.1.123-1, or newer.

3. Which versions of the Linux kernel are affected by CVE-2023-52434?

CVE-2023-52434 affects multiple versions of the Linux kernel from 5.3 up to, but not including, versions that contain the patch for this vulnerability.

4. What impact does CVE-2023-52434 have on systems running affected kernel versions?

The impact of CVE-2023-52434 includes potential system crashes or instability due to out-of-bounds access when invalid create contexts are accessed.

5. Who is responsible for addressing CVE-2023-52434?

It is the responsibility of system administrators and users of affected Linux distributions to ensure their systems are updated to mitigate CVE-2023-52434.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203