{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T23:49:35.212","vulnerabilities":[{"cve":{"id":"CVE-2023-52442","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-02-21T08:15:45.547","lastModified":"2025-10-01T19:15:33.100","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in compound request\n\n`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()\nwill always return the first request smb2 header in a compound request.\nif `SMB2_TREE_CONNECT_HE` is the first command in compound request, will\nreturn 0, i.e. The tree id check is skipped.\nThis patch use ksmbd_req_buf_next() to get current command in compound."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: validar la identificación de la sesión y la identificación del árbol en la solicitud compuesta `smb2_get_msg()` en smb2_get_ksmbd_tcon() y smb2_check_user_session() siempre devolverá el encabezado smb2 de la primera solicitud en una solicitud compuesta. si `SMB2_TREE_CONNECT_HE` es el primer comando en la solicitud compuesta, devolverá 0, es decir, se omite la verificación de identificación del árbol. Este parche usa ksmbd_req_buf_next() para obtener el comando actual en compuesto."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.145","matchCriteriaId":"6943BD04-722B-4B0F-810D-A5086EA877BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.53","matchCriteriaId":"B20754AF-3B8C-4574-A70D-EC24933810E5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.4.16","matchCriteriaId":"C3039EA3-F6CA-43EF-9F17-81A7EC6841EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*","matchCriteriaId":"0B3E6E4D-E24E-4630-B00C-8C9901C597B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*","matchCriteriaId":"E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*","matchCriteriaId":"F5608371-157A-4318-8A2E-4104C3467EA1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/017d85c94f02090a87f4a473dbe0d6ee0da72693","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3df0411e132ee74a87aa13142dfd2b190275332e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c2b350b2e269e3fd17bbfa42de1b42775b777ac","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/becb5191d1d5fdfca0198a2e37457bbbf4fe266f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}