Unrated severityNVD Advisory· Published Aug 16, 2025· Updated Aug 19, 2025

ksmbd: validate session id and tree id in the compound request

CVE-2023-3866

Description

In the Linux kernel, the following vulnerability has been resolved:

This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypass session and tree validation. So work->sess and work->tcon could be NULL. If secound request in the compound access work->sess or tcon, It cause NULL pointer dereferecing error.

Affected products

Linux/Kernelllm-fuzzy
Linux/Linuxv5
Range: 5.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/stable/c/5005bcb4219156f1bf7587b185080ec1da08518emitre
git.kernel.org/stable/c/854156d12caa9d36de1cf5f084591c7686cc8a9dmitre
git.kernel.org/stable/c/d1066c1b3663401cd23c0d6e60cdae750ce00c0fmitre
git.kernel.org/stable/c/eb947403518ea3d93f6d89264bb1f5416bb0c7d0mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000