ACK: [SRU][Jammy][PATCH 0/1] CVE-2023-32247
Jacob Martin
jacob.martin at canonical.com
Thu Feb 8 00:07:02 UTC 2024
Acked-by: Jacob Martin <jacob.martin at canonical.com>
On 2/6/24 11:49 AM, Bethany Jamison wrote:
> [Impact]
>
> A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel
> SMB server. The specific flaw exists within the handling of
> SMB2_SESSION_SETUP commands. The issue results from the lack of control of
> resource consumption. An attacker can leverage this vulnerability to create
> a denial-of-service condition on the system.
>
> [Fix]
>
> Jammy: Backported - Jammy code structure was different in smb2pdu.h than
> upstream, I found the relevant code chunk and implemented the fix commit's
> intended change.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur when requesting to setup a new session.
>
> Namjae Jeon (1):
> ksmbd: destroy expired sessions
>
> fs/ksmbd/mgmt/user_session.c | 68 ++++++++++++++++++++----------------
> fs/ksmbd/mgmt/user_session.h | 1 +
> fs/ksmbd/smb2pdu.c | 1 +
> fs/ksmbd/smb2pdu.h | 2 ++
> 4 files changed, 41 insertions(+), 31 deletions(-)
>
More information about the kernel-team
mailing list