Vulnerability Details : CVE-2023-6606
Potential exploit
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Products affected by CVE-2023-6606
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
- Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.2cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
- Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.2 Ppc64lecpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.4:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.4:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6606
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 13 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6606
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
1.8
|
5.2
|
NIST | |
|
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
1.8
|
5.2
|
Red Hat, Inc. |
CWE ids for CVE-2023-6606
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-6606
-
https://access.redhat.com/errata/RHSA-2024:0881
RHSA-2024:0881 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2253611
2253611 – (CVE-2023-6606) CVE-2023-6606 kernel: Out-Of-Bounds Read vulnerability in smbCalcSizeExploit;Issue Tracking
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
[SECURITY] [DLA 3841-1] linux-5.10 security update
-
https://access.redhat.com/errata/RHSA-2024:1248
RHSA-2024:1248 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0725
RHSA-2024:0725 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0897
RHSA-2024:0897 - Security Advisory - Portail Client Red HatThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0723
RHSA-2024:0723 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1188
RHSA-2024:1188 - Security Advisory - Red Hat カスタマーポータルThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:2094
RHSA-2024:2094 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/security/cve/CVE-2023-6606
CVE-2023-6606- Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.kernel.org/show_bug.cgi?id=218218
218218 – Out-Of-Bounds Read vulnerability in smbCalcSizeExploit;Issue Tracking
-
https://access.redhat.com/errata/RHSA-2024:1404
RHSA-2024:1404 - Security Advisory - Red Hat カスタマーポータルThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
[SECURITY] [DLA 3710-1] linux security update
Jump to