{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-3866","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2023-07-24T14:52:41.881Z","datePublished":"2025-08-16T13:27:57.332Z","dateUpdated":"2026-05-11T19:27:10.435Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:27:10.435Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in the compound request\n\nThis patch validate session id and tree id in compound request.\nIf first operation in the compound is SMB2 ECHO request, ksmbd bypass\nsession and tree validation. So work->sess and work->tcon could be NULL.\nIf secound request in the compound access work->sess or tcon, It cause\nNULL pointer dereferecing error."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/server.c","fs/smb/server/smb2pdu.c"],"versions":[{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"eb947403518ea3d93f6d89264bb1f5416bb0c7d0","status":"affected","versionType":"git"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"854156d12caa9d36de1cf5f084591c7686cc8a9d","status":"affected","versionType":"git"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"d1066c1b3663401cd23c0d6e60cdae750ce00c0f","status":"affected","versionType":"git"},{"version":"0626e6641f6b467447c81dd7678a69c66f7746cf","lessThan":"5005bcb4219156f1bf7587b185080ec1da08518e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/server.c","fs/smb/server/smb2pdu.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.121","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.36","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.3.10","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.3.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/eb947403518ea3d93f6d89264bb1f5416bb0c7d0"},{"url":"https://git.kernel.org/stable/c/854156d12caa9d36de1cf5f084591c7686cc8a9d"},{"url":"https://git.kernel.org/stable/c/d1066c1b3663401cd23c0d6e60cdae750ce00c0f"},{"url":"https://git.kernel.org/stable/c/5005bcb4219156f1bf7587b185080ec1da08518e"}],"title":"ksmbd: validate session id and tree id in the compound request","x_generator":{"engine":"bippy-1.2.0"}}}}