ACK: [SRU][Focal][PATCH 0/3] CVE-2022-0168

Tim Gardner tim.gardner at canonical.com
Wed Jul 5 17:38:19 UTC 2023


On 6/29/23 1:44 PM, Yuxuan Luo wrote:
> [Impact]
> Billy Jheng Bing Jhong discovered that the CIFS network file system
> implementation in the Linux kernel did not properly validate arguments to
> ioctl() in some situations. A local attacker could possibly use this to cause a
> denial of service (system crash).
> 
> [Backport]
> Both fix commits rely on the commit that introduced `var`: b2ca6c2c9edd ("cifs:
> move some variables off the stack in smb2_ioctl_query_info"). This commit can
> be backported with a slight fix.
> 
> [Test]
> Compile and smoke tested via mount and umount CIFS. The proof of concept
> provided in the fix commit message is not valid.
> 
> [Potential Regression]
> Expect very low regression potential.
> 
> Paulo Alcantara (2):
>    cifs: prevent bad output lengths in smb2_ioctl_query_info()
>    cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
> 
> Ronnie Sahlberg (1):
>    cifs: move some variables off the stack in smb2_ioctl_query_info
> 
>   fs/cifs/smb2ops.c | 158 ++++++++++++++++++++++++++--------------------
>   1 file changed, 89 insertions(+), 69 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc




More information about the kernel-team mailing list