[SRU][Focal][PATCH 0/3] CVE-2022-0168
Yuxuan Luo
yuxuan.luo at canonical.com
Thu Jun 29 19:44:28 UTC 2023
[Impact]
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to cause a
denial of service (system crash).
[Backport]
Both fix commits rely on the commit that introduced `var`: b2ca6c2c9edd ("cifs:
move some variables off the stack in smb2_ioctl_query_info"). This commit can
be backported with a slight fix.
[Test]
Compile and smoke tested via mount and umount CIFS. The proof of concept
provided in the fix commit message is not valid.
[Potential Regression]
Expect very low regression potential.
Paulo Alcantara (2):
cifs: prevent bad output lengths in smb2_ioctl_query_info()
cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
Ronnie Sahlberg (1):
cifs: move some variables off the stack in smb2_ioctl_query_info
fs/cifs/smb2ops.c | 158 ++++++++++++++++++++++++++--------------------
1 file changed, 89 insertions(+), 69 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list