APPLIED: [SRU][Jammy][PATCH 0/1] CVE-2023-32247
Roxana Nicolescu
roxana.nicolescu at canonical.com
Mon Feb 12 08:06:17 UTC 2024
On 06/02/2024 18:49, Bethany Jamison wrote:
> [Impact]
>
> A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel
> SMB server. The specific flaw exists within the handling of
> SMB2_SESSION_SETUP commands. The issue results from the lack of control of
> resource consumption. An attacker can leverage this vulnerability to create
> a denial-of-service condition on the system.
>
> [Fix]
>
> Jammy: Backported - Jammy code structure was different in smb2pdu.h than
> upstream, I found the relevant code chunk and implemented the fix commit's
> intended change.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur when requesting to setup a new session.
>
> Namjae Jeon (1):
> ksmbd: destroy expired sessions
>
> fs/ksmbd/mgmt/user_session.c | 68 ++++++++++++++++++++----------------
> fs/ksmbd/mgmt/user_session.h | 1 +
> fs/ksmbd/smb2pdu.c | 1 +
> fs/ksmbd/smb2pdu.h | 2 ++
> 4 files changed, 41 insertions(+), 31 deletions(-)
>
Applied to jammy master-next branch. Thanks!
More information about the kernel-team
mailing list