CVE-2023-6606: 
Linux Kernel vulnerability analysis and mitigation

An out-of-bounds read vulnerability was discovered in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. The vulnerability was discovered on December 8, 2023, affecting Linux Kernel versions from 6.4 up to (excluding) 6.7. This issue could allow a local attacker to crash the system or leak internal kernel information (NVD, Red Hat).

The vulnerability exists in the smbCalcSize function where it retrieves WordCount and adds offset*2 to the data part of SMB, then retrieves a 16-byte value from the calculated pointer. The issue occurs in the call chain: cifs_demultiplex_thread → standard_receive3 → cifs_handle_standard → checkSMB → smbCalcSize. The CVSS v3.1 base score is 7.1 (HIGH) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H (Kernel Bug).

The vulnerability could allow a local attacker to crash the system (denial of service) or leak internal kernel information. If a CIFS filesystem is mounted from a malicious server, the server could potentially exploit this to cause a denial of service (Debian).

The vulnerability has been fixed in multiple Linux distributions through security updates. Red Hat has released fixes for RHEL 8 and 9 versions through various security advisories. Debian has addressed this in version 4.19.304-1 for Debian 10 and version 5.10.209-2~deb10u1 for other versions (Red Hat, Debian).