APPLIED: [SRU][F/J/M][PATCH 0/1] CVE-2024-0565

Stefan Bader stefan.bader at canonical.com
Wed Jan 31 09:33:22 UTC 2024


On 29.01.24 22:49, Yuxuan Luo wrote:
> [Impact]
> An out-of-bounds memory read flaw was found in receive_encrypted_standard
> in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux
> Kernel. This issue occurs due to integer underflow on the memcpy length
> caused by lack of validation on the client side, leading to a denial of
> service and wild copy.
> 
> [Backport]
> It is a clean cherry pick for Mantic.
> 
> On Focal, a conflict around the struct, `smb2_hdr`, exists due to
> missing 0d35e382e4e9 (“cifs: Create a new shared file holding smb2 pdu
> definitions”). However, although the bottom half of the struct
> definition has been modified, the CVE relevant part remains untouched.
> It is acceptable to skip this patch and ignore the conflict.
> 
> [Test]
> Compile and smoke tested by setting up a ksmbd server using
> cifsd-team/ksmbd-tools.
> 
> [Potential Regression]
> The potential regression is limited in the use case when kernel samba
> server with version 3.0 and above is sending a transformed message.
> 
> 
> Paulo Alcantara (1):
>    smb: client: fix OOB in receive_encrypted_standard()
> 
>   fs/smb/client/smb2ops.c | 14 ++++++++------
>   1 file changed, 8 insertions(+), 6 deletions(-)
> 

Applied to mantic,jammy,focal:linux/master-next. Thanks.

-Stefan
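
The bug class named in the [Impact] text (an unsigned underflow on a memcpy length when a peer-supplied value is not validated), shown as an added example; it is not the kernel's code or the patch discussed in this thread. The framing (`pdu_len`, `next_off`, `MIN_HDR`, the 64-byte buffer) is hypothetical and constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_HDR 8   /* constructed minimum header size, not the SMB2 value */

/* Length handed to memcpy when the peer-supplied offset is trusted.
 * size_t is unsigned, so next_off > pdu_len wraps to a huge value. */
size_t tail_len_unchecked(size_t pdu_len, uint32_t next_off)
{
    return pdu_len - next_off;
}

/* Validate before subtracting. Returns bytes copied, or -1 on a bad offset. */
long copy_tail_checked(unsigned char *dst, size_t dst_cap,
                       const unsigned char *pdu, size_t pdu_len,
                       uint32_t next_off)
{
    size_t tail;

    if (next_off > pdu_len)
        return -1;                      /* subtraction would underflow */
    tail = pdu_len - next_off;
    if (tail < MIN_HDR || tail > dst_cap)
        return -1;                      /* no room for a header, or too big */
    memcpy(dst, pdu + next_off, tail);
    return (long)tail;
}

/* Runs the checked copy over a constructed 64-byte buffer. */
long demo_checked(uint32_t next_off)
{
    unsigned char pdu[64] = {0}, next[64];

    return copy_tail_checked(next, sizeof(next), pdu, sizeof(pdu), next_off);
}

int main(void)
{
    printf("unchecked length for offset 80 in a 64-byte PDU: %zu\n",
           tail_len_unchecked(64, 80));
    printf("checked: off=48 -> %ld, off=60 -> %ld, off=80 -> %ld\n",
           demo_checked(48), demo_checked(60), demo_checked(80));
    return 0;
}
```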
