{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T06:52:13.318","vulnerabilities":[{"cve":{"id":"CVE-2023-3866","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-08-16T14:15:27.383","lastModified":"2025-11-18T17:58:12.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in the compound request\n\nThis patch validate session id and tree id in compound request.\nIf first operation in the compound is SMB2 ECHO request, ksmbd bypass\nsession and tree validation. So work->sess and work->tcon could be NULL.\nIf secound request in the compound access work->sess or tcon, It cause\nNULL pointer dereferecing error."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: valida el ID de sesión y el ID de árbol en la solicitud compuesta. Este parche valida el ID de sesión y el ID de árbol en la solicitud compuesta. Si la primera operación en la solicitud compuesta es una solicitud ECHO SMB2, ksmbd omite la validación de sesión y árbol. Por lo tanto, work->sess y work->tcon podrían ser NULL. Si la segunda solicitud en la solicitud compuesta accede a work->sess o tcon, se produce un error de desreferenciación de puntero NULL."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.121","matchCriteriaId":"D80EAC0B-0800-4E58-A184-64A1FA7F7EB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.36","matchCriteriaId":"989E8FC0-FE5E-4486-9391-FE0521B2326E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.3.10","matchCriteriaId":"9E91549C-3A35-4895-992D-EAD48CAD6C38"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*","matchCriteriaId":"38BC6744-7D25-4C02-9966-B224CD071D30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*","matchCriteriaId":"76061B41-CAE9-4467-BEDE-0FFC7956F2A1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*","matchCriteriaId":"A717BA5B-D535-46A0-A329-A25FE5CEC588"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*","matchCriteriaId":"89CC80C6-F1EE-4AC7-BD21-DB3217BADE87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*","matchCriteriaId":"41EACEA1-FB69-4AF2-BC52-D39489858D42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*","matchCriteriaId":"9E1C36BE-F9D8-40B6-8281-5B8F9B42322D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.4:rc7:*:*:*:*:*:*","matchCriteriaId":"1D6CAA59-F0EF-4E0B-8C23-EC9535008572"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5005bcb4219156f1bf7587b185080ec1da08518e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/854156d12caa9d36de1cf5f084591c7686cc8a9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d1066c1b3663401cd23c0d6e60cdae750ce00c0f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb947403518ea3d93f6d89264bb1f5416bb0c7d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}