[SRU][Jammy][PATCH 0/1] CVE-2023-38431

Bethany Jamison bethany.jamison at canonical.com
Thu Jan 25 21:44:14 UTC 2024


[Impact]

An issue was discovered in the Linux kernel before 6.3.8.
fs/smb/server/connection.c in ksmbd does not validate the relationship
between the NetBIOS header's length field and the SMB header sizes, via
pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
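
The missing cross-check described in the Impact paragraph, as an added example that is not the kernel's code or the fix in this series: a small C receive-path validator that refuses to read any SMB2 header field until the NetBIOS length (pdu_size) is known to cover a full 64-byte SMB2 header and not to exceed the bytes actually received. The 4-byte NetBIOS session header layout and the 64-byte SMB2 header size are wire-format facts; the function names (validate_pdu, check_message, smb2_hdr_overread), the pdu_status codes and the constructed messages are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire-format constants: a direct-TCP SMB message starts with a 4-byte NetBIOS
 * session header (1 byte type, 3-byte big-endian length, the value ksmbd calls
 * pdu_size) followed by a fixed 64-byte SMB2 header. */
#define NBSS_HDR_LEN 4
#define SMB2_HDR_LEN 64
static const uint8_t SMB2_PROTO_ID[4] = { 0xFE, 'S', 'M', 'B' };

/* Hypothetical status codes for this example, not the kernel's. */
enum pdu_status {
    PDU_OK = 0,
    PDU_ERR_NO_NBSS_HDR = 1, /* fewer than 4 bytes available */
    PDU_ERR_TOO_SMALL = 2,   /* pdu_size does not cover an SMB2 header */
    PDU_ERR_TRUNCATED = 3,   /* pdu_size exceeds the bytes actually received */
    PDU_ERR_BAD_PROTO = 4    /* protocol id is not SMB2 */
};

/* Decode the 24-bit length that follows the 1-byte session type. */
static uint32_t nbss_pdu_size(const uint8_t *hdr)
{
    return ((uint32_t)hdr[1] << 16) | ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
}

/* How many bytes a parser that trusts pdu_size would touch beyond the data it
 * holds when it dereferences a full SMB2 header. Zero means the header fits.
 * This only computes the shortfall; nothing here reads past a buffer. */
static size_t smb2_hdr_overread(uint32_t pdu_size)
{
    return pdu_size < SMB2_HDR_LEN ? (size_t)(SMB2_HDR_LEN - pdu_size) : 0;
}

/* Hardened receive path: cross-check the NetBIOS length against both the
 * minimum SMB2 header size and the bytes really present before any SMB2
 * header field is read. */
static enum pdu_status validate_pdu(const uint8_t *buf, size_t buf_len)
{
    if (buf_len < NBSS_HDR_LEN)
        return PDU_ERR_NO_NBSS_HDR;

    uint32_t pdu_size = nbss_pdu_size(buf);

    /* The SMB2 header must fit inside the PDU the peer claims to have sent. */
    if (pdu_size < SMB2_HDR_LEN)
        return PDU_ERR_TOO_SMALL;

    /* The claimed PDU must not extend past what was actually received. */
    if ((size_t)pdu_size > buf_len - NBSS_HDR_LEN)
        return PDU_ERR_TRUNCATED;

    /* Only now is it safe to touch the SMB2 header. */
    if (memcmp(buf + NBSS_HDR_LEN, SMB2_PROTO_ID, sizeof SMB2_PROTO_ID) != 0)
        return PDU_ERR_BAD_PROTO;

    return PDU_OK;
}

/* Build a constructed message: NBSS header advertising pdu_size, then
 * payload_len bytes of zeroed SMB2 header stub, with or without a valid
 * protocol id. Returns bytes written, or 0 if the buffer is too small. */
static size_t build_msg(uint8_t *out, size_t cap, uint32_t pdu_size,
                        size_t payload_len, bool good_proto)
{
    if (cap < NBSS_HDR_LEN + payload_len || pdu_size > 0xFFFFFFu)
        return 0;
    out[0] = 0x00;
    out[1] = (uint8_t)(pdu_size >> 16);
    out[2] = (uint8_t)(pdu_size >> 8);
    out[3] = (uint8_t)pdu_size;
    memset(out + NBSS_HDR_LEN, 0, payload_len);
    if (good_proto && payload_len >= sizeof SMB2_PROTO_ID)
        memcpy(out + NBSS_HDR_LEN, SMB2_PROTO_ID, sizeof SMB2_PROTO_ID);
    return NBSS_HDR_LEN + payload_len;
}

/* Build-and-validate helper: advertise pdu_size but only "receive" payload_len
 * bytes after the NBSS header, then run the hardened check. */
static enum pdu_status check_message(uint32_t pdu_size, size_t payload_len,
                                     bool good_proto)
{
    uint8_t buf[256];
    size_t n = build_msg(buf, sizeof buf, pdu_size, payload_len, good_proto);
    return validate_pdu(buf, n);
}

int main(void)
{
    static const char *names[] = { "OK", "NO_NBSS_HDR", "TOO_SMALL",
                                   "TRUNCATED", "BAD_PROTO" };
    printf("well-formed 64-byte PDU  : %s\n", names[check_message(64, 64, true)]);
    printf("pdu_size=8 (header short): %s, unchecked over-read %zu bytes\n",
           names[check_message(8, 8, true)], smb2_hdr_overread(8));
    printf("pdu_size=200, 64 received: %s\n", names[check_message(200, 64, true)]);
    printf("bad protocol id          : %s\n", names[check_message(64, 64, false)]);
    return 0;
}
```

The two checks in validate_pdu are the ones the Impact paragraph says were missing: a lower bound (pdu_size must cover the SMB2 header) and an upper bound (pdu_size must not claim more than was received). smb2_hdr_overread only reports how far an unchecked parse would have reached, which is the quantity a reviewer wants when judging the severity of the out-of-bounds read.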

[Fix]

The fix commit implemented function smb2_get_msg which wasn't defined
in Jammy - the function was very simple so I added it without issue.

[Test Case]

Compile and boot tested.

[Regression Potential]

Issues could occur with packets between NetBIOS and SMB.

Namjae Jeon (1):
  ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop

 fs/ksmbd/connection.c | 12 ++++++++++++
 fs/ksmbd/smb2pdu.h    |  9 +++++++++
 2 files changed, 21 insertions(+)

-- 
2.34.1
