[SRU][J/F][PATCH 0/1] CVE-2024-26828
Bethany Jamison
bethany.jamison at canonical.com
Thu Apr 25 19:24:48 UTC 2024
[Impact]
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix underflow in parse_server_interfaces()
In this loop, we step through the buffer and after each item we check
if the size_left is greater than the minimum size we need. However,
the problem is that "bytes_left" is type ssize_t while sizeof() is type
size_t. That means that because of type promotion, the comparison is
done as an unsigned and if we have negative bytes left the loop
continues instead of ending.
[Fix]
Mantic: fixed via stable team
Jammy: Backported - parse_server_interfaces() is organized differently
than upstream. I modified both the while loops with the same
sizeof() issue to match the intentions of the fix commit.
Focal: Jammy patch applied cleanly.
Bionic: not-affected
Xenial: not-affected
Trusty: not-affected
[Test Case]
Compile and boot tested.
[Where problems could occur]
This fix affects those who use the CIFS protocol. An issue with this
fix would be visible to the user via unpredicted system behavior or a
system crash.
Dan Carpenter (1):
cifs: fix underflow in parse_server_interfaces()
fs/cifs/smb2ops.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.34.1
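
The comparison problem described under [Impact], reproduced as an added example that is not the kernel's code and not part of the original message. The record layout (struct item), count_items() and demo() are hypothetical names, the input is constructed, and the signed cast shown is one way to keep the comparison signed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h> /* ssize_t */
/* Hypothetical record, constructed for this example (not the SMB2 struct). */
struct item {
    uint32_t next;  /* byte offset to the next record, 0 = last record */
    uint32_t value;
};

/* Count records in buf[0..len); signed_cmp picks the form of the loop test. */
static int count_items(const unsigned char *buf, size_t len, int signed_cmp)
{
    ssize_t bytes_left = (ssize_t)len;
    const unsigned char *p = buf;
    int n = 0;
    for (;;) {
        /* (size_t) spells out what "bytes_left >= sizeof(x)" does implicitly. */
        int more = signed_cmp
            ? bytes_left >= (ssize_t)sizeof(struct item)
            : (size_t)bytes_left >= sizeof(struct item);
        struct item it;
        if (!more)
            break;
        memcpy(&it, p, sizeof(it));
        n++;
        if (it.next == 0)
            break;
        p += it.next;
        bytes_left -= (ssize_t)it.next;
    }
    return n;
}

/* Constructed input: 16 valid bytes, record a claims next=24 (bytes_left -> -8). */
static int demo(int signed_cmp)
{
    static unsigned char backing[64];
    struct item a = { 24, 1 }, b = { 0, 2 }; /* b sits past the valid 16 bytes */
    memcpy(backing, &a, sizeof(a));
    memcpy(backing + 24, &b, sizeof(b));
    return count_items(backing, 16, signed_cmp);
}

int main(void)
{
    printf("unsigned compare: %d, signed compare: %d\n", demo(0), demo(1));
    return 0;
}
```

With the unsigned comparison the walker accepts a second record that lies outside the 16 declared bytes; with the signed comparison it stops after the first.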