CVE-2023-39180

A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-39180	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2326531	Issue Tracking Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-589/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

06 Aug 2025, 13:34

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::*
References	~~() https://access.redhat.com/security/cve/CVE-2023-39180 -~~	() https://access.redhat.com/security/cve/CVE-2023-39180 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2326531 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2326531 - Issue Tracking, Third Party Advisory
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-24-589/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-24-589/ - Third Party Advisory

Information

Published : 2024-11-18 10:15

Updated : 2025-08-06 13:34

NVD link : CVE-2023-39180

Mitre link : CVE-2023-39180

CVE.ORG link : CVE-2023-39180

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-125

Out-of-bounds Read

{"id": "CVE-2023-39180", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-18T10:15:05.217", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-39180", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326531", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-589/", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el manejo de comandos SMB2_READ en el m\u00f3dulo ksmbd del kernel. El problema se debe a que no se libera memoria despu\u00e9s de su vida \u00fatil efectiva. Un atacante puede aprovechar esto para crear una condici\u00f3n de denegaci\u00f3n de servicio en las instalaciones afectadas de Linux. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, pero solo los sistemas con ksmbd habilitado son vulnerables."}], "lastModified": "2025-08-06T13:34:08.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}