CVE-2023-4458

4.0 MEDIUM

📋 TL;DR

CVE-2023-4458 is an out-of-bounds read vulnerability in the Linux kernel's ksmbd module when parsing extended attributes. This allows attackers to read sensitive kernel memory and potentially leak information. Only systems with the ksmbd SMB server module enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel with ksmbd module
Versions: Linux kernel versions with ksmbd support, typically 5.15+
Operating Systems: Linux distributions with ksmbd enabled
Default Config Vulnerable: ✅ No
Notes: ksmbd is not enabled by default in most distributions; requires explicit configuration or module loading.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory disclosure leading to information leakage that could aid further attacks, including potential privilege escalation if combined with other vulnerabilities.

🟠 Likely Case

Limited information disclosure from kernel memory, potentially exposing system information or sensitive data structures.

🟢 If Mitigated

No impact if ksmbd is disabled or patched, as the vulnerability requires the module to be active and accessible.

🌐 Internet-Facing: MEDIUM - Systems with ksmbd exposed to untrusted networks could be targeted for information gathering.
🏢 Internal Only: LOW - Requires attacker access to internal network and ksmbd service; lower exposure surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires access to ksmbd service; exploitation details not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 6.5.7, 6.1.49, 5.15.128 and later

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2023-4458

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version via distribution package manager.
2. Reboot system to load new kernel.
3. Verify ksmbd module loads from patched kernel.

🔧 Temporary Workarounds

Disable ksmbd module

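Unload the ksmbd kernel module and blacklist it so it is not loaded automatically. The blacklist entry only stops alias-based autoloading; an explicit modprobe ksmbd still loads the module.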

sudo modprobe -r ksmbd
echo 'blacklist ksmbd' | sudo tee /etc/modprobe.d/ksmbd-blacklist.conf

Block ksmbd network access

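Block the SMB ports used by ksmbd. These rules are appended to the INPUT chain, so they only take effect if no earlier rule accepts the traffic; they cover IPv4 only and do not persist across a reboot unless saved.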

sudo iptables -A INPUT -p tcp --dport 445 -j DROP
sudo iptables -A INPUT -p tcp --dport 139 -j DROP

🧯 If You Can't Patch

  • Disable ksmbd module if not required for business operations
  • Implement network segmentation to restrict access to ksmbd services

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd

Check Version:

uname -r

Verify Fix Applied:

Run uname -r and confirm the running kernel is a patched version (6.5.7, 6.1.49, 5.15.128 or later), then confirm the ksmbd module loads from the new kernel.
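
The module check and version check above can be combined into one triage script. This is an added example, not part of the advisory: the function names are hypothetical, kernel branches newer than 6.5 are assumed to count as "and later", and branches with no fixed release listed here are reported as unlisted.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2023-4458.
# Assumption: the upstream version number in `uname -r` is meaningful.
# Distribution kernels often backport fixes without changing it, so
# "vulnerable" means "check the vendor advisory", not proof.

# ksmbd_fix_status RELEASE -> patched | vulnerable | unlisted | unparsed
ksmbd_fix_status() {
    # Keep MAJOR MINOR PATCH; drop suffixes such as "-91-generic".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$ver" ] || { echo unparsed; return 0; }
    set -- $ver
    major=$1 minor=$2 patch=$3
    case "$major.$minor" in
        5.15) min=128 ;;   # fixed releases as listed on this page
        6.1)  min=49 ;;
        6.5)  min=7 ;;
        *)  # Assumption: branches newer than 6.5 count as "and later".
            if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -gt 5 ]; }; then
                echo patched
            else
                echo unlisted   # no fixed release for this branch on the page
            fi
            return 0 ;;
    esac
    if [ "$patch" -ge "$min" ]; then echo patched; else echo vulnerable; fi
}

# ksmbd_loaded [MODULES_FILE] -> exit 0 if ksmbd is in the module list.
# /proc/modules is the file lsmod reads; the parameter exists for testing.
ksmbd_loaded() {
    grep -q '^ksmbd ' "${1:-/proc/modules}" 2>/dev/null
}

# ksmbd_report [RELEASE] [MODULES_FILE] -> one summary line for the host.
ksmbd_report() {
    release=${1:-$(uname -r)}
    if ksmbd_loaded "${2:-}"; then loaded=loaded; else loaded=not-loaded; fi
    echo "$release ksmbd=$loaded fix=$(ksmbd_fix_status "$release")"
}

ksmbd_report "$@"
```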

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to ksmbd
  • Unexpected ksmbd process crashes

Network Indicators:

  • Unusual SMB traffic patterns to ksmbd ports

SIEM Query:

process.name:"ksmbd" AND (event.action:"crash" OR log.level:"error")
