APPLIED: [SRU][Focal][PATCH 0/3] CVE-2022-0168
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu Jul 6 19:16:09 UTC 2023
Applied to focal:linux master-next
Thanks!
- Luke
On Thu, Jun 29, 2023 at 12:45 PM Yuxuan Luo <yuxuan.luo at canonical.com>
wrote:
> [Impact]
> Billy Jheng Bing Jhong discovered that the CIFS network file system
> implementation in the Linux kernel did not properly validate arguments to
> ioctl() in some situations. A local attacker could possibly use this to
> cause a
> denial of service (system crash).
>
> [Backport]
> Both fix commits rely on the commit that introduced `var`: b2ca6c2c9edd
> ("cifs:
> move some variables off the stack in smb2_ioctl_query_info"). This commit
> can
> be backported with a slight fix.
>
> [Test]
> Compile and smoke tested via mount and umount CIFS. The proof of concept
> provided in the fix commit message is not valid.
>
> [Potential Regression]
> Expect very low regression potential.
>
> Paulo Alcantara (2):
> cifs: prevent bad output lengths in smb2_ioctl_query_info()
> cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
>
> Ronnie Sahlberg (1):
> cifs: move some variables off the stack in smb2_ioctl_query_info
>
> fs/cifs/smb2ops.c | 158 ++++++++++++++++++++++++++--------------------
> 1 file changed, 89 insertions(+), 69 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230706/0eda3798/attachment-0001.html>
More information about the kernel-team
mailing list