🟠 High | Source: Microsoft Security Response Center
CVE-2023-6606 is an out-of-bounds read vulnerability in the Linux kernel’s SMB client, specifically within the smbCalcSize function. It allows a local attacker to read memory beyond intended boundaries, potentially leaking sensitive kernel data. While not directly an Azure-specific flaw, it affects Linux-based workloads running on Azure VMs and other cloud environments using SMB-enabled kernels.
Security Architect’s Take: Review any Azure Linux VMs or AKS node pools using SMB mounts and ensure the underlying kernel is patched to a version that addresses this CVE. Prioritise workloads where SMB shares are mounted from untrusted or externally accessible sources, as crafted SMB responses could trigger the vulnerability.
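The two checks the note above asks for, as an added POSIX shell example that is not part of this advisory or of Microsoft's guidance: it inventories SMB/CIFS mounts from a /proc/mounts-style table and gates the running kernel release against a minimum patched version. The sample mount table, the function names and the `PATCHED_MIN_VERSION` placeholder are constructed here; take the actual fixed kernel version for your distribution from its own advisory for CVE-2023-6606.

```shell
#!/bin/sh
# Added example, not from the advisory: inventory SMB/CIFS mounts on a Linux host and
# compare the running kernel release with the minimum patched version published by
# your distribution for CVE-2023-6606. PATCHED_MIN_VERSION is a placeholder (assumption);
# leave it empty and the script only reports that SMB mounts are present.
PATCHED_MIN_VERSION="${PATCHED_MIN_VERSION:-}"

# Constructed sample in /proc/mounts format, used so the script can run offline.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
//fileserver.example.com/share /mnt/share cifs rw,relatime,vers=3.1.1 0 0
//10.0.0.5/data /data smb3 rw,relatime,vers=3.0 0 0'

# smb_mounts_from_table: read /proc/mounts-style lines on stdin, print "source mountpoint fstype"
# for each SMB mount (the kernel client registers both the cifs and smb3 fstype names).
smb_mounts_from_table() {
    awk '$3 == "cifs" || $3 == "smb3" { print $1, $2, $3 }'
}

# count_smb_mounts TABLE: number of SMB mounts in the given table text
count_smb_mounts() {
    printf '%s\n' "$1" | smb_mounts_from_table | wc -l | tr -d ' '
}

# kernel_base_version RELEASE: drop the distro suffix, e.g. 6.5.0-1020-azure -> 6.5.0
kernel_base_version() {
    printf '%s\n' "$1" | sed 's/[-+].*$//'
}

# version_ge A B: exit 0 when base version A >= B, comparing dotted components numerically
version_ge() {
    awk -v a="$(kernel_base_version "$1")" -v b="$(kernel_base_version "$2")" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# assess_host RELEASE TABLE: one-word verdict for triage
#   NO_SMB     no SMB/CIFS mounts: still patch, but lower priority per the note above
#   UNVERIFIED SMB mounts present but PATCHED_MIN_VERSION not set, so no kernel check
#   EXPOSED    SMB mounts present on a kernel below the patched version: prioritise
#   PATCHED    SMB mounts present and kernel at or above the patched version
assess_host() {
    n=$(count_smb_mounts "$2")
    if [ "$n" -eq 0 ]; then
        echo NO_SMB
    elif [ -z "$PATCHED_MIN_VERSION" ]; then
        echo UNVERIFIED
    elif version_ge "$1" "$PATCHED_MIN_VERSION"; then
        echo PATCHED
    else
        echo EXPOSED
    fi
}

# Live run: use the real mount table when readable, otherwise the constructed sample.
if [ -r /proc/mounts ]; then
    table=$(cat /proc/mounts)
else
    table=$SAMPLE_MOUNTS
fi
release=$(uname -r)
echo "kernel $release: $(assess_host "$release" "$table")"
printf '%s\n' "$table" | smb_mounts_from_table
```

Run it on each VM or AKS node with `PATCHED_MIN_VERSION` exported from your vendor's fixed-version figure; an `EXPOSED` verdict on a host whose listed shares come from external or untrusted servers is the case the note above says to patch first.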
Original advisory: CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize