{"id":"CVE-2023-3866","summary":"ksmbd: validate session id and tree id in the compound request","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in the compound request\n\nThis patch validate session id and tree id in compound request.\nIf first operation in the compound is SMB2 ECHO request, ksmbd bypass\nsession and tree validation. So work-\u003esess and work-\u003etcon could be NULL.\nIf secound request in the compound access work-\u003esess or tcon, It cause\nNULL pointer dereferecing error.","modified":"2026-04-02T09:07:52.026025Z","published":"2025-08-16T13:27:57.332Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3866.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5005bcb4219156f1bf7587b185080ec1da08518e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/854156d12caa9d36de1cf5f084591c7686cc8a9d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d1066c1b3663401cd23c0d6e60cdae750ce00c0f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eb947403518ea3d93f6d89264bb1f5416bb0c7d0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3866.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3866"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0626e6641f6b467447c81dd7678a69c66f7746cf"},{"fixed":"eb947403518ea3d93f6d89264bb1f5416bb0c7d0"},{"fixed":"854156d12caa9d36de1cf5f084591c7686cc8a9d"},{"fixed":"d1066c1b3663401cd23c0d6e60cdae750ce00c0f"},{"fixed":"5005bcb4219156f1bf7587b185080ec1da08518e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3866.json"}}],"schema_version":"1.7.5"}