CVE-2023-1194: 
CBL Mariner vulnerability analysis and mitigation

An out-of-bounds (OOB) memory read vulnerability (CVE-2023-1194) was discovered in the KSMBD implementation of the in-kernel Samba server and CIFS in the Linux kernel. The vulnerability was found in the parse_lease_state function and affects Linux kernel versions through 6.4:rc5. The issue was discovered by Chih-Yen Chang and has a CVSS score of 8.1 (High) (Ubuntu Security, NetApp Security).

The vulnerability occurs in the parse_lease_state function when processing CREATE commands. Due to a missing check of the NameOffset field in the parse_lease_state() function, the create_context object can access invalid memory. The issue specifically relates to the validation of data structure fields when parsing lease contexts (Spinics Commit).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information or cause a denial of service (system crash) through an out-of-bounds memory read. A remote attacker could potentially exploit this vulnerability to cause system instability or expose sensitive kernel memory contents (Ubuntu Security, NetApp Security).

The vulnerability has been fixed in Linux kernel version 6.4 and backported to various stable kernel branches. Multiple vendors have released patches for their affected products, including Ubuntu which has fixed it in version 5.15.0-102.112 for Ubuntu 22.04 LTS (Ubuntu Security).