ACK: [SRU][F/J/M][PATCH 0/1] CVE-2024-0565

Roxana Nicolescu roxana.nicolescu at canonical.com
Tue Jan 30 09:35:42 UTC 2024


On 01/29, Yuxuan Luo wrote:
> [Impact]
> An out-of-bounds memory read flaw was found in receive_encrypted_standard
> in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux
> Kernel. This issue occurs due to integer underflow on the memcpy length
> caused by lack of validation on the client side, leading to a denial of
> service and wild copy.
> 
> [Backport]
> It is a clean cherry pick for Mantic.
> 
> On Focal, a conflict around the struct, `smb2_hdr`, exists due to
> missing 0d35e382e4e9 (“cifs: Create a new shared file holding smb2 pdu
> definitions”). However, although the bottom half of the struct
> definition has been modified, the CVE relevant part remains untouched.
> It is acceptable to skip this patch and ignore the conflict.
> 
> [Test]
> Compile and smoke tested by setting up a ksmbd server using
> cifsd-team/ksmbd-tools.
> 
> [Potential Regression]
> The potential regression is limited to the use case when a kernel samba
> server with version 3.0 and above is sending a transformed message.
> 
> 
> Paulo Alcantara (1):
>   smb: client: fix OOB in receive_encrypted_standard()
> 
>  fs/smb/client/smb2ops.c | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>


