Login Sign Up

CVE-2023-38430

9.1 CRITICAL
Denial of Service

📋 TL;DR

This vulnerability in the Linux kernel's ksmbd SMB server allows attackers to trigger an out-of-bounds read by sending specially crafted SMB requests with invalid protocol IDs. Systems running Linux kernels before 6.3.9 with ksmbd enabled are affected, potentially exposing SMB file sharing services to information disclosure or denial of service attacks.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before 6.3.9
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ksmbd (kernel SMB server) is enabled and configured. Many distributions don't enable ksmbd by default.

📦 What is this software?

H300s by Netapp

View all CVEs affecting H300s →

H410s by Netapp

View all CVEs affecting H410s →

H500s by Netapp

View all CVEs affecting H500s →

H700s by Netapp

View all CVEs affecting H700s →

Hci Management Node by Netapp

View all CVEs affecting Hci Management Node →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, though this requires additional vulnerabilities to be chained with the information disclosure.

🟠

Likely Case

Information disclosure through memory leaks, denial of service via kernel panic, or system instability.

🟢

If Mitigated

Limited impact if ksmbd is disabled or network access is restricted, with potential for minor information disclosure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to ksmbd service and knowledge of SMB protocol manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 6.3.9 and later

Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 6.3.9 or later. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable ksmbd module

linux

Prevent loading of vulnerable ksmbd kernel module

echo 'blacklist ksmbd' >> /etc/modprobe.d/blacklist-ksmbd.conf
rmmod ksmbd

Block SMB ports at firewall

linux

Prevent external access to ksmbd service

iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p tcp --dport 139 -j DROP

🧯 If You Can't Patch

  • Disable ksmbd service if not required for business operations
  • Implement strict network segmentation to isolate systems with ksmbd enabled

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd AND check kernel version: uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 6.3.9 or later: uname -r AND ensure ksmbd module is not loaded or has been updated

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • ksmbd error messages in system logs
  • Unexpected SMB protocol errors

Network Indicators:

  • Unusual SMB traffic patterns
  • Multiple failed SMB protocol negotiations
  • Traffic to port 445 with malformed packets

SIEM Query:

source="kernel" AND ("ksmbd" OR "SMB") AND ("panic" OR "oops" OR "out of bounds")

📊 Metadata

CVE ID: CVE-2023-38430
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125
Published: July 18, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-38430, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)