Search for vulnerabilities
Vulnerability details: VCID-py9u-c5ey-sfhx
Vulnerability ID VCID-py9u-c5ey-sfhx
Aliases CVE-2023-4091
Summary A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-276 Incorrect Default Permissions
System Score Found at
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2023:6209
ssvc Track https://access.redhat.com/errata/RHSA-2023:6209
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2023:6744
ssvc Track https://access.redhat.com/errata/RHSA-2023:6744
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2023:7371
ssvc Track https://access.redhat.com/errata/RHSA-2023:7371
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2023:7408
ssvc Track https://access.redhat.com/errata/RHSA-2023:7408
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2023:7464
ssvc Track https://access.redhat.com/errata/RHSA-2023:7464
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2023:7467
ssvc Track https://access.redhat.com/errata/RHSA-2023:7467
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4091.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2023-4091
ssvc Track https://access.redhat.com/security/cve/CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
epss 0.00476 https://api.first.org/data/v1/epss?cve=CVE-2023-4091
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2241882
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2241882
cvssv3.1 6.5 https://bugzilla.samba.org/show_bug.cgi?id=15439
ssvc Track https://bugzilla.samba.org/show_bug.cgi?id=15439
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4091
cvssv3.1 6.5 https://www.samba.org/samba/security/CVE-2023-4091.html
ssvc Track https://www.samba.org/samba/security/CVE-2023-4091.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4091.json
https://api.first.org/data/v1/epss?cve=CVE-2023-4091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4091
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/
https://security.netapp.com/advisory/ntap-20231124-0002/
cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
cpe:/a:redhat:enterprise_linux:9::resilientstorage https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::resilientstorage
cpe:/a:redhat:rhel_eus:8.6::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
cpe:/a:redhat:rhel_eus:8.6::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb
cpe:/a:redhat:rhel_eus:8.8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:8.8::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb
cpe:/a:redhat:rhel_eus:9.0::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream
cpe:/a:redhat:rhel_eus:9.0::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::crb
cpe:/a:redhat:rhel_eus:9.0::resilientstorage https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::resilientstorage
cpe:/a:redhat:rhel_eus:9.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/a:redhat:rhel_eus:9.2::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb
cpe:/a:redhat:rhel_eus:9.2::resilientstorage https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::resilientstorage
cpe:/a:redhat:storage:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:storage:3
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_eus:8.6::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos
cpe:/o:redhat:rhel_eus:8.8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos
cpe:/o:redhat:rhel_eus:9.0::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.0::baseos
cpe:/o:redhat:rhel_eus:9.2::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos
cpe:/o:redhat:rhev_hypervisor:4.4::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhev_hypervisor:4.4::el8
CVE-2023-4091 https://access.redhat.com/security/cve/CVE-2023-4091
CVE-2023-4091 https://nvd.nist.gov/vuln/detail/CVE-2023-4091
CVE-2023-4091.html https://www.samba.org/samba/security/CVE-2023-4091.html
RHSA-2023:6209 https://access.redhat.com/errata/RHSA-2023:6209
RHSA-2023:6744 https://access.redhat.com/errata/RHSA-2023:6744
RHSA-2023:7371 https://access.redhat.com/errata/RHSA-2023:7371
RHSA-2023:7408 https://access.redhat.com/errata/RHSA-2023:7408
RHSA-2023:7464 https://access.redhat.com/errata/RHSA-2023:7464
RHSA-2023:7467 https://access.redhat.com/errata/RHSA-2023:7467
show_bug.cgi?id=15439 https://bugzilla.samba.org/show_bug.cgi?id=15439
show_bug.cgi?id=2241882 https://bugzilla.redhat.com/show_bug.cgi?id=2241882
USN-6425-1 https://usn.ubuntu.com/6425-1/
USN-6425-3 https://usn.ubuntu.com/6425-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:6209
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://access.redhat.com/errata/RHSA-2023:6209
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:6744
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://access.redhat.com/errata/RHSA-2023:6744
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:7371
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://access.redhat.com/errata/RHSA-2023:7371
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:7408
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://access.redhat.com/errata/RHSA-2023:7408
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:7464
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://access.redhat.com/errata/RHSA-2023:7464
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:7467
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://access.redhat.com/errata/RHSA-2023:7467
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4091.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/security/cve/CVE-2023-4091
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://access.redhat.com/security/cve/CVE-2023-4091
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2241882
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2241882
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://bugzilla.samba.org/show_bug.cgi?id=15439
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://bugzilla.samba.org/show_bug.cgi?id=15439
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4091
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://www.samba.org/samba/security/CVE-2023-4091.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T16:18:12Z/ Found at https://www.samba.org/samba/security/CVE-2023-4091.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.62181
EPSS Score 0.00438
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:43.877866+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6425-1/ 37.0.0