High severity 7.1 · NVD Advisory · Published Nov 3, 2023 · Updated Jun 17, 2026
CVE-2023-1194
Description
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse_lease_state() function, the create_context object can access invalid memory.
Affected products
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- Fedora/Fedorav5
References
- www.spinics.net/lists/stable-commits/msg303065.html (nvd: Mailing List, Patch)
- access.redhat.com/security/cve/CVE-2023-1194 (nvd: Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)
- security.netapp.com/advisory/ntap-20231221-0006/ (nvd: Third Party Advisory)