CVE-2023-3867

7.1 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in the Linux kernel's ksmbd SMB server module. Attackers can exploit this by sending specially crafted compound SMB2 session setup requests, potentially leading to kernel memory disclosure or system crashes. Systems running affected Linux kernel versions with ksmbd enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches exist for multiple stable branches (see references).
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ksmbd module is loaded and SMB services are exposed. ksmbd is not enabled by default in most distributions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory disclosure leading to information leakage, potential privilege escalation, or denial of service through kernel panic.

🟠 Likely Case

Information disclosure of kernel memory contents or system instability/crashes.

🟢 If Mitigated

Limited impact if ksmbd is disabled or proper network segmentation prevents access.

🌐 Internet-Facing: MEDIUM - Requires SMB access to be exposed, which is less common for internet-facing systems.
🏢 Internal Only: MEDIUM - Internal attackers with network access to ksmbd services could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted SMB2 compound requests to ksmbd service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes (see git.kernel.org references)

Vendor Advisory: https://git.kernel.org/stable/c/2ba03cecb12ac7ac9e0170e251543c56832d9959

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version from your distribution vendor.
2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

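Disable ksmbd module (Linux)

Prevent loading of the vulnerable ksmbd kernel module. The blacklist entry only stops automatic loading; the install line also makes an explicit modprobe of ksmbd fail.

echo 'blacklist ksmbd' >> /etc/modprobe.d/blacklist-ksmbd.conf
echo 'install ksmbd /bin/false' >> /etc/modprobe.d/blacklist-ksmbd.conf
rmmod ksmbd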

Block SMB ports (Linux)

Block access to SMB services at network level

iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p tcp --dport 139 -j DROP

🧯 If You Can't Patch

  • Disable ksmbd service if not required
  • Implement strict network segmentation to limit SMB access to trusted hosts only

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel version is a patched release, and check the ksmbd module version if the module is loaded.
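
The module and port checks from the workaround and verification steps above, combined into one triage script. This is an added example, not part of the original advisory; the function names and sample inputs are constructed for illustration, and it reports module and listener state only, not whether the kernel is patched.

```shell
#!/bin/sh
# Added example: ksmbd exposure triage. Function names and samples are this example's own.

# Succeeds if lsmod-format text on stdin lists a module named exactly "ksmbd".
ksmbd_loaded() {
    awk '$1 == "ksmbd" { found = 1 } END { exit !found }'
}

# Classifies modprobe.d text on stdin:
#   blocked     - "install ksmbd /bin/false" present (explicit modprobe fails too)
#   blacklisted - "blacklist ksmbd" only (explicit modprobe still works)
#   loadable    - no restriction found
ksmbd_load_policy() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "install" && $2 == "ksmbd" && $3 ~ /\/(false|true)$/ { hard = 1 }
        $1 == "blacklist" && $2 == "ksmbd" { soft = 1 }
        END { print (hard ? "blocked" : (soft ? "blacklisted" : "loadable")) }'
}

# Succeeds if `ss -Htln` text on stdin shows a TCP listener on port 445.
smb_listening() {
    awk '{ n = split($4, a, ":"); if (a[n] == "445") found = 1 } END { exit !found }'
}

# Usage: ksmbd_exposure "<lsmod text>" "<modprobe.d text>" "<ss -Htln text>"
ksmbd_exposure() {
    if printf '%s\n' "$1" | ksmbd_loaded; then
        if printf '%s\n' "$3" | smb_listening; then
            echo "exposed"
        else
            echo "loaded-not-listening"
        fi
    else
        echo "not-loaded:$(printf '%s\n' "$2" | ksmbd_load_policy)"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_LSMOD='Module                  Size  Used by
ksmbd                 245760  0'
SAMPLE_MODPROBE='blacklist ksmbd'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22  0.0.0.0:*
LISTEN 0 128 0.0.0.0:445 0.0.0.0:*'

ksmbd_exposure "$SAMPLE_LSMOD" "$SAMPLE_MODPROBE" "$SAMPLE_SS"   # prints: exposed
# Live host:
# ksmbd_exposure "$(lsmod)" "$(cat /etc/modprobe.d/*.conf 2>/dev/null)" "$(ss -Htln)"
```

A listener on port 445 can also belong to a userspace Samba server, so treat "exposed" as a host to inspect rather than a confirmed finding.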

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • ksmbd error messages related to compound requests

Network Indicators:

  • Unusual SMB2 compound request patterns
  • Multiple failed SMB session setup attempts

SIEM Query:

(source="kernel" AND ("panic" OR "Oops")) OR (source="ksmbd" AND "compound")

🔗 References
