ACK: [SRU][Jammy][PATCH 0/1] CVE-2023-38431
Jacob Martin
jacob.martin at canonical.com
Thu Jan 25 23:04:35 UTC 2024
Acked-by: Jacob Martin <jacob.martin at canonical.com>
On 1/25/24 3:44 PM, Bethany Jamison wrote:
> [Impact]
>
> An issue was discovered in the Linux kernel before 6.3.8.
> fs/smb/server/connection.c in ksmbd does not validate the relationship
> between the NetBIOS header's length field and the SMB header sizes, via
> pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
>
> [Fix]
>
> The fix commit implemented function smb2_get_msg which wasn't defined
> in Jammy - the function was very simple so I added it without issue.
>
> [Test Case]
>
> Compile and boot tested.
>
> [Regression Potential]
>
> Issues could occur with packets between NetBIOS and SMB.
>
> Namjae Jeon (1):
> ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
>
> fs/ksmbd/connection.c | 12 ++++++++++++
> fs/ksmbd/smb2pdu.h | 9 +++++++++
> 2 files changed, 21 insertions(+)
>
More information about the kernel-team
mailing list