ACK: [SRU][J][PATCH 0/1] CVE-2024-26952
Stefan Bader
stefan.bader at canonical.com
Thu Jul 4 16:40:34 UTC 2024
On 26.06.24 23:14, Bethany Jamison wrote:
> [Impact]
>
> ksmbd: fix potencial out-of-bounds when buffer offset is invalid
>
> I found potencial out-of-bounds when buffer offset fields of a few requests
> is invalid. This patch set the minimum value of buffer offset field to
> ->Buffer offset to validate buffer length.
>
> [Fix]
>
> Noble: released
> Jammy: Backport - context conflicts from neighboring lines, shouldn't
> affect the fix so I applied the fix changes as given
> Focal: not affected
> Bionic: not affected
> Xenial: not affected
> Trusty: not affected
>
> [Test Case]
>
> Compile and boot tested
>
> [Where problems could occur]
>
> This fix affects those who use the KSMBD server, an issue with this fix
> would be visible to the user via unexpected system behavior or a system
> crash.
>
> Namjae Jeon (1):
> ksmbd: fix potencial out-of-bounds when buffer offset is invalid
>
> fs/ksmbd/smb2misc.c | 22 +++++++++++++++------
> fs/ksmbd/smb2pdu.c | 48 ++++++++++++++++++++++++---------------------
> 2 files changed, 42 insertions(+), 28 deletions(-)
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240704/4659f04f/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240704/4659f04f/attachment-0001.sig>
More information about the kernel-team
mailing list