[SRU][Jammy][PATCH 0/1] CVE-2023-38431
Bethany Jamison
bethany.jamison at canonical.com
Thu Jan 25 21:44:14 UTC 2024

[Impact]
An issue was discovered in the Linux kernel before 6.3.8.
fs/smb/server/connection.c in ksmbd does not validate the relationship
between the NetBIOS header's length field and the SMB header sizes, via
pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.

[Fix]
The fix commit implemented function smb2_get_msg which wasn't defined
in Jammy - the function was very simple so I added it without issue.

[Test Case]
Compile and boot tested.

[Regression Potential]
Issues could occur with packets between NetBIOS and SMB.

Namjae Jeon (1):
  ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop

 fs/ksmbd/connection.c | 12 ++++++++++++
 fs/ksmbd/smb2pdu.h    |  9 +++++++++
 2 files changed, 21 insertions(+)
--
2.34.1
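
Added example, not part of the original message or of the kernel patch: a user-space C sketch of the check the [Impact] text describes as missing, comparing the length announced in the NetBIOS header with the minimum SMB header size before any header field is read. The constant names, the 32- and 64-byte header minimums and `check_pdu` are assumptions of this sketch, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes assumed for this sketch; they are not quoted from the patch. */
#define NB_HDR_LEN   4u   /* 1 type byte + 3 length bytes */
#define SMB1_HDR_MIN 32u  /* fixed SMB1 header */
#define SMB2_HDR_MIN 64u  /* fixed SMB2 header */

enum pdu_verdict { PDU_OK = 0, PDU_TRUNCATED, PDU_TOO_SHORT, PDU_BAD_PROTO };

/* Length announced by the 4-byte header: big-endian, low 24 bits. */
static uint32_t nb_pdu_size(const uint8_t *buf)
{
    return ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
}

/* Validate a frame (buf/len = bytes actually received) before parsing it. */
enum pdu_verdict check_pdu(const uint8_t *buf, size_t len)
{
    static const uint8_t smb1_id[4] = { 0xFF, 'S', 'M', 'B' };
    static const uint8_t smb2_id[4] = { 0xFE, 'S', 'M', 'B' };
    uint32_t pdu_size;

    if (len < NB_HDR_LEN)
        return PDU_TRUNCATED;
    pdu_size = nb_pdu_size(buf);
    if (pdu_size > len - NB_HDR_LEN)
        return PDU_TRUNCATED;   /* header claims more than was received */
    if (pdu_size < SMB1_HDR_MIN)
        return PDU_TOO_SHORT;   /* cannot hold even the smaller header */

    /* Safe to read the 4-byte protocol id: pdu_size >= 32 is established. */
    if (memcmp(buf + NB_HDR_LEN, smb2_id, 4) == 0)
        return pdu_size < SMB2_HDR_MIN ? PDU_TOO_SHORT : PDU_OK;
    if (memcmp(buf + NB_HDR_LEN, smb1_id, 4) == 0)
        return PDU_OK;
    return PDU_BAD_PROTO;
}

int main(void)
{
    /* Constructed frame: SMB2 protocol id, but only 32 bytes announced. */
    uint8_t frame[NB_HDR_LEN + 32] = { 0, 0, 0, 32, 0xFE, 'S', 'M', 'B' };

    printf("verdict=%d\n", check_pdu(frame, sizeof(frame)));
    return 0;
}
```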