CVE-2023-6606

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6606
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

7.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2023-6606 Third Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=218218 Exploit Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2253611 Exploit Issue Tracking
https://access.redhat.com/errata/RHSA-2024:0723 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0897 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1188 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1248 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1404 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2094 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
History

25 Oct 2024, 16:37

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2024:0723 - () https://access.redhat.com/errata/RHSA-2024:0723 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0881 - () https://access.redhat.com/errata/RHSA-2024:0881 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1248 - () https://access.redhat.com/errata/RHSA-2024:1248 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0897 - () https://access.redhat.com/errata/RHSA-2024:0897 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1188 - () https://access.redhat.com/errata/RHSA-2024:1188 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1404 - () https://access.redhat.com/errata/RHSA-2024:1404 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:2094 - () https://access.redhat.com/errata/RHSA-2024:2094 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0725 - () https://access.redhat.com/errata/RHSA-2024:0725 - Third Party Advisory
First Time Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Eus
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

14 Sep 2024, 00:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html', 'name': 'https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html', 'tags': [], 'refsource': ''}
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html', 'name': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html', 'tags': [], 'refsource': ''}

08 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2094 -

25 Jun 2024, 21:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -

19 Mar 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1404 -

12 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1248 -
  • () https://access.redhat.com/errata/RHSA-2024:1188 -

20 Feb 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0881 -
  • () https://access.redhat.com/errata/RHSA-2024:0897 -

07 Feb 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0723 -
  • () https://access.redhat.com/errata/RHSA-2024:0725 -

11 Jan 2024, 19:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html -

12 Dec 2023, 20:18

Type Values Removed Values Added
CWE CWE-125
First Time Linux
Redhat enterprise Linux
Redhat
Linux linux Kernel
References () https://bugzilla.redhat.com/show_bug.cgi?id=2253611 - () https://bugzilla.redhat.com/show_bug.cgi?id=2253611 - Exploit, Issue Tracking
References () https://access.redhat.com/security/cve/CVE-2023-6606 - () https://access.redhat.com/security/cve/CVE-2023-6606 - Third Party Advisory
References () https://bugzilla.kernel.org/show_bug.cgi?id=218218 - () https://bugzilla.kernel.org/show_bug.cgi?id=218218 - Exploit, Issue Tracking
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.1
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

08 Dec 2023, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-08 17:15

Updated : 2024-10-25 16:37

NVD link : CVE-2023-6606

Mitre link : CVE-2023-6606

JSON object : View

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_eus
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_server_aus

linux

  • linux_kernel
CWE
CWE-125

Out-of-bounds Read