CVE-2023-39179

7.5 HIGH

📋 TL;DR

CVE-2023-39179 is an out-of-bounds read vulnerability in the Linux kernel's ksmbd SMB2 module that allows attackers to read sensitive kernel memory. This affects Linux systems with ksmbd enabled, potentially exposing credentials, encryption keys, or other sensitive data. Only systems using the ksmbd kernel module for SMB file sharing are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel ksmbd module
Versions: Linux kernel versions with ksmbd support (introduced in kernel 5.15)
Operating Systems: Linux distributions with ksmbd enabled
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ksmbd module is loaded and SMB shares are configured. Most distributions don't enable ksmbd by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete kernel memory disclosure leading to credential theft, privilege escalation, or system compromise
🟠 Likely Case: Disclosure of sensitive kernel memory contents, potentially including authentication tokens or file data
🟢 If Mitigated: Limited information disclosure with no direct code execution if proper network segmentation exists

🌐 Internet-Facing: MEDIUM - Requires SMB access and ksmbd enabled, but SMB should not be internet-facing
🏢 Internal Only: MEDIUM - Internal attackers with network access to SMB shares could exploit this

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires SMB client access to trigger the vulnerable read request. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 6.5.7, 6.1.49, 5.15.128 and later

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2023-39179

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Rebuild and reload ksmbd module if using DKMS.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable ksmbd module

linux

Unload the ksmbd kernel module to prevent exploitation, and blacklist it so it is not loaded automatically again

sudo rmmod ksmbd
echo 'blacklist ksmbd' | sudo tee /etc/modprobe.d/ksmbd-blacklist.conf

Restrict SMB access

linux

Use firewall rules to limit SMB access (TCP port 445) to trusted networks only. Replace TRUSTED_NETWORK with the trusted source address or CIDR range.

sudo iptables -A INPUT -p tcp --dport 445 -s TRUSTED_NETWORK -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 445 -j DROP

🧯 If You Can't Patch

  • Disable ksmbd module entirely if SMB sharing not required
  • Implement strict network segmentation to isolate SMB servers from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd. If loaded and kernel version is vulnerable, system is at risk.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched: uname -r. Check that version is 6.5.7, 6.1.49, 5.15.128 or later.
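
The two checks above can be combined into one triage script. This is an added example, not part of the advisory: it assumes each fixed release listed under Official Fix applies to its own stable branch and that branches newer than 6.5.y carry the fix, and the function names kernel_status, ksmbd_loaded and assess are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): triage one host for CVE-2023-39179.
# Assumption: each fixed release on the page covers its own stable branch
# (5.15.y, 6.1.y, 6.5.y) and branches newer than 6.5 already carry the fix.

# kernel_status RELEASE -> patched | vulnerable | no-fix-listed | not-affected | unknown
kernel_status() {
    base=${1%%[!0-9.]*}                 # "5.15.0-91-generic" -> "5.15.0"
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-0}
    [ -n "$major" ] && [ -n "$minor" ] || { echo unknown; return 0; }
    branch=$((major * 1000 + minor))
    if [ "$branch" -lt 5015 ]; then
        echo not-affected               # ksmbd was introduced in 5.15
    elif [ "$branch" -gt 6005 ]; then
        echo patched                    # newer than the 6.5.y branch
    else
        case $major.$minor in
            5.15) fixed=128 ;;
            6.1)  fixed=49 ;;
            6.5)  fixed=7 ;;
            *)    echo no-fix-listed; return 0 ;;   # e.g. 6.2.y: no fixed release on the page
        esac
        if [ "$patch" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
    fi
}

# ksmbd_loaded [MODULES_FILE] -> exit 0 if the module is listed (same data lsmod prints)
ksmbd_loaded() {
    grep -q '^ksmbd ' "${1:-/proc/modules}" 2>/dev/null
}

# assess RELEASE [MODULES_FILE] -> one summary line combining both checks
assess() {
    status=$(kernel_status "$1")
    if ksmbd_loaded "${2:-}"; then
        echo "ksmbd=loaded kernel=$status"
    else
        echo "ksmbd=not-loaded kernel=$status"
    fi
}

assess "$(uname -r)"
```

Distribution kernels often backport fixes without changing the upstream version number, so a "vulnerable" result on a vendor kernel should be confirmed against the vendor advisory.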

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to ksmbd
  • SMB2 read request anomalies in system logs

Network Indicators:

  • Unusual SMB2 read request patterns
  • Multiple failed SMB connection attempts

SIEM Query:

source="kernel" AND "ksmbd" AND ("oops" OR "panic" OR "BUG")
