ACK/Cmnt: [SRU][F/J/M][PATCH 0/1] CVE-2024-0565
Andrei Gherzan
andrei.gherzan at canonical.com
Tue Jan 30 09:57:39 UTC 2024
On 24/01/29 04:49PM, Yuxuan Luo wrote:
> [Impact]
> An out-of-bounds memory read flaw was found in receive_encrypted_standard
> in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux
> Kernel. This issue occurs due to integer underflow on the memcpy length
> caused by lack of validation on the client side, leading to a denial of
> service and wild copy.
>
> [Backport]
> It is a clean cherry pick for Mantic.
>
> On Focal, a conflict around the struct, `smb2_hdr`, exists due to
> missing 0d35e382e4e9 ("cifs: Create a new shared file holding smb2 pdu
> definitions"). However, although the bottom half of the struct
> definition has been modified, the CVE relevant part remains untouched.
> It is acceptable to skip this patch and ignore the conflict.
>
> [Test]
> Compile and smoke tested by setting up a ksmbd server using
> cifsd-team/ksmbd-tools.
>
> [Potential Regression]
> The potential regression is limited in the use case when kernel samba
> server with version 3.0 and above is sending a transformed message.
>
>
> Paulo Alcantara (1):
> smb: client: fix OOB in receive_encrypted_standard()
>
> fs/smb/client/smb2ops.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)

A big shout for the clear, detailed and descriptive cover letter.
Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>
--
Andrei Gherzan
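The cover letter describes the bug class (an integer underflow in a memcpy length because a short PDU was not validated against the fixed header sizes it must carry). The following is an added C illustration of that pattern and its fix, written for this page; it is not the kernel's receive_encrypted_standard() code nor the backported patch. The header lengths, struct names and the receive_into() helper are hypothetical stand-ins chosen only to show how an unchecked subtraction on an unsigned length wraps, and how a lower-bound check rejects the short PDU before any copy happens.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical on-wire layout: a fixed-size transform header followed by
 * a fixed-size message header and a variable payload. The sizes below are
 * constructed for illustration and are not the real SMB2 values. */
#define TRANSFORM_HDR_LEN 52u
#define MSG_HDR_LEN       64u
#define RX_BUF_LEN        4096u

/* Unchecked length derivation: when pdu_len is smaller than the transform
 * header, the unsigned subtraction wraps to a huge value. A memcpy with
 * this length reads far past the received bytes (the "wild copy"). */
static size_t unchecked_payload_len(size_t pdu_len)
{
    return pdu_len - TRANSFORM_HDR_LEN;
}

/* Hardened derivation: refuse any PDU that cannot even hold both fixed
 * headers, so the subtraction can never underflow. Returns false on
 * rejection and leaves *out untouched. */
static bool checked_payload_len(size_t pdu_len, size_t *out)
{
    if (pdu_len < TRANSFORM_HDR_LEN + MSG_HDR_LEN)
        return false;
    *out = pdu_len - TRANSFORM_HDR_LEN;
    return true;
}

/* Hypothetical receive path: copy the decrypted part of a PDU into a
 * bounded client buffer. Returns the number of bytes copied, or -1 when
 * the PDU is rejected (too short, or larger than the buffer). */
static long receive_into(unsigned char *dst, size_t dst_cap,
                         const unsigned char *src, size_t pdu_len)
{
    size_t n;

    if (!checked_payload_len(pdu_len, &n))
        return -1;            /* short PDU: would have underflowed */
    if (n > dst_cap)
        return -1;            /* honest length, but too big for us */
    memcpy(dst, src + TRANSFORM_HDR_LEN, n);
    return (long)n;
}

/* Demonstration with a constructed 10-byte PDU (shorter than the headers)
 * and a constructed 200-byte PDU (well-formed). */
static bool demo_short_pdu_is_rejected(void)
{
    unsigned char rx[RX_BUF_LEN] = {0};
    unsigned char short_pdu[10] = {0};

    /* The unchecked path produces a length far beyond the 10 bytes we hold. */
    bool wraps = unchecked_payload_len(sizeof(short_pdu)) > RX_BUF_LEN;
    /* The checked path refuses to copy at all. */
    bool rejected = receive_into(rx, sizeof(rx), short_pdu, sizeof(short_pdu)) < 0;
    return wraps && rejected;
}

static long demo_valid_pdu_copied(void)
{
    unsigned char rx[RX_BUF_LEN] = {0};
    unsigned char pdu[200];

    memset(pdu, 0xAB, sizeof(pdu));
    return receive_into(rx, sizeof(rx), pdu, sizeof(pdu));
}
```

The decisive line is the single lower-bound comparison in checked_payload_len(): once a PDU is known to be at least as long as the fixed headers it claims to carry, every later subtraction is safe, and the copy length is bounded by what was actually received. The second check in receive_into() covers the complementary case where the length is honest but exceeds the destination.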