ACK/Cmnt: [SRU][J/F][PATCH 0/1] CVE-2024-26828

Tim Gardner tim.gardner at canonical.com
Mon May 13 14:38:31 UTC 2024


On 4/25/24 21:24, Bethany Jamison wrote:
> [Impact]
> 
>   In the Linux kernel, the following vulnerability has been resolved:
> 
>   cifs: fix underflow in parse_server_interfaces()
> 
>   In this loop, we step through the buffer and after each item we check
>   if the size_left is greater than the minimum size we need.  However,
>   the problem is that "bytes_left" is type ssize_t while sizeof() is type
>   size_t.  That means that because of type promotion, the comparison is
>   done as an unsigned and if we have negative bytes left the loop
>   continues instead of ending.
> 
> [Fix]
> 
> Mantic:	fixed via stable team
> Jammy:	Backported - parse_server_interfaces() is organized differently
> 	than upstream. I modified both the while loops with the same
> 	sizeof() issue to match the intentions of the fix commit.
> Focal:	Jammy patch applied cleanly.
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> This fix affects those who use the CIFS protocol; an issue with this
> fix would be visible to the user via unpredicted system behavior or a
> system crash.
> 
> Dan Carpenter (1):
>    cifs: fix underflow in parse_server_interfaces()
> 
>   fs/cifs/smb2ops.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>

The backport looks correct.
-- 
-----------
Tim Gardner
Canonical, Inc
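
The signed/unsigned comparison described in the quoted [Impact] text, shown as an added example that is not part of this thread or of the kernel patch. `struct rec`, `walk()`, `demo()` and the 64-byte buffer are constructed for illustration, and the `(ssize_t)` cast is one way to keep the comparison signed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical 16-byte record standing in for one entry in the buffer. */
struct rec {
    uint32_t next;        /* untrusted offset to the next record, 0 = last */
    uint32_t payload[3];
};

/* Unsigned form: bytes_left is converted to size_t, so -8 becomes huge. */
static int more_unsigned(ssize_t bytes_left)
{
    return bytes_left >= sizeof(struct rec);
}

/* Signed form: a negative remainder fails the check and ends the loop. */
static int more_signed(ssize_t bytes_left)
{
    return bytes_left >= (ssize_t)sizeof(struct rec);
}

/* Step through records, subtracting each untrusted 'next' from bytes_left. */
static int walk(const unsigned char *buf, ssize_t bytes_left, int use_signed)
{
    int visited = 0;
    size_t off = 0;
    while (use_signed ? more_signed(bytes_left) : more_unsigned(bytes_left)) {
        struct rec r;
        memcpy(&r, buf + off, sizeof(r));
        visited++;
        if (r.next == 0)
            break;
        off += r.next;
        bytes_left -= r.next;   /* 24 - 32 = -8 in the demo below */
    }
    return visited;
}

/* Constructed input: 24 valid bytes, first record claims next = 32.
 * The backing array is 64 bytes so the extra iteration stays in bounds. */
static int demo(int use_signed)
{
    unsigned char backing[64] = {0};
    struct rec first = { .next = 32 };
    memcpy(backing, &first, sizeof(first));
    return walk(backing, 24, use_signed);
}

int main(void)
{
    printf("unsigned check: %d records, signed check: %d records\n",
           demo(0), demo(1));
    return 0;
}
```

Building with `-Wsign-compare` (part of `-Wextra` in GCC) flags the comparison in `more_unsigned()`.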



