[SRU][Jammy][PATCH 0/1] CVE-2023-32247
Bethany Jamison
bethany.jamison at canonical.com
Tue Feb 6 17:49:16 UTC 2024
[Impact]
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel
SMB server. The specific flaw exists within the handling of
SMB2_SESSION_SETUP commands. The issue results from the lack of control of
resource consumption. An attacker can leverage this vulnerability to create
a denial-of-service condition on the system.
[Fix]
Jammy: Backported - Jammy code structure was different in smb2pdu.h than
upstream, I found the relevant code chunk and implemented the fix commit's
intended change.
[Test Case]
Compile and boot test.
[Regression Potential]
Issues could occur when requesting to setup a new session.
Namjae Jeon (1):
ksmbd: destroy expired sessions
fs/ksmbd/mgmt/user_session.c | 68 ++++++++++++++++++++----------------
fs/ksmbd/mgmt/user_session.h | 1 +
fs/ksmbd/smb2pdu.c | 1 +
fs/ksmbd/smb2pdu.h | 2 ++
4 files changed, 41 insertions(+), 31 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list