[SRU][F/J/M][PATCH 0/1] CVE-2024-0565

Yuxuan Luo yuxuan.luo at canonical.com
Mon Jan 29 21:49:40 UTC 2024


[Impact]
An out-of-bounds memory read flaw was found in receive_encrypted_standard
in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux
Kernel. This issue occurs due to integer underflow on the memcpy length
caused by lack of validation on the client side, leading to a denial of
service and wild copy.
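The fault class described above, an unsigned subtraction that wraps and then feeds memcpy, is easier to reason about with a small model. The following is an added illustration written for this cover letter, not the kernel's receive_encrypted_standard() or any code from the patch; the header size, buffer sizes and function names are constructed for the example. It shows the unchecked length computation beside a version that validates the advertised message length against both the header size and the destination buffer before copying.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a transformed (encrypted) message: a fixed-size
 * header followed by a payload.  Sizes are illustrative, not SMB2's. */
#define HDR_LEN 64u
#define BUF_LEN 256u

/* Unchecked computation: the length that would be handed to memcpy for a
 * message whose advertised total length is msg_len.  When msg_len < HDR_LEN
 * the unsigned subtraction wraps to a huge value, which is the "wild copy"
 * length the advisory text refers to. */
size_t unchecked_payload_len(unsigned int msg_len)
{
    return (size_t)(msg_len - HDR_LEN);
}

/* Hardened version: reject any message whose advertised length is shorter
 * than the header (would underflow) or whose payload would not fit in the
 * destination (would overrun).  Returns -1 on rejection, otherwise copies
 * the payload and returns its length. */
int copy_payload_checked(const unsigned char *msg, unsigned int msg_len,
                         unsigned char *dst, size_t dst_len)
{
    if (msg_len < HDR_LEN)
        return -1;                      /* underflow guard */
    unsigned int payload_len = msg_len - HDR_LEN;
    if (payload_len > dst_len)
        return -1;                      /* destination bounds guard */
    memcpy(dst, msg + HDR_LEN, payload_len);
    return (int)payload_len;
}

/* Drives the checked copy with a constructed message buffer so the result
 * depends only on the advertised length. */
int demo_checked_copy(unsigned int msg_len)
{
    unsigned char msg[BUF_LEN + HDR_LEN];   /* constructed input message */
    unsigned char dst[BUF_LEN];
    memset(msg, 0xAB, sizeof msg);
    return copy_payload_checked(msg, msg_len, dst, sizeof dst);
}

int main(void)
{
    printf("unchecked, msg_len=63 -> copy length %zu\n", unchecked_payload_len(63));
    printf("checked,   msg_len=63 -> %d\n", demo_checked_copy(63));
    printf("checked,   msg_len=80 -> %d\n", demo_checked_copy(80));
    return 0;
}
```

The point of the comparison is that the fix belongs before the subtraction: once an unsigned length has wrapped, a later comparison against the buffer size cannot tell a short message from a legitimately large one.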

[Backport]
It is a clean cherry pick for Mantic.

On Focal, a conflict around the struct `smb2_hdr` exists due to
missing 0d35e382e4e9 ("cifs: Create a new shared file holding smb2 pdu
definitions"). However, although the bottom half of the struct
definition has been modified, the CVE-relevant part remains untouched.
It is acceptable to skip this patch and ignore the conflict.

[Test]
Compile and smoke tested by setting up a ksmbd server using
cifsd-team/ksmbd-tools.

[Potential Regression]
The potential regression is limited to the use case in which a kernel samba
server with version 3.0 and above is sending a transformed message.


Paulo Alcantara (1):
  smb: client: fix OOB in receive_encrypted_standard()

 fs/smb/client/smb2ops.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

-- 
2.34.1