In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate payload size in ipc response
If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc
response to ksmbd kernel server. ksmbd should validate payload size of
ipc response from ksmbd.mountd to avoid memory overrun or
slab-out-of-bounds. This patch validate 3 ipc response that has payload.
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/smb/server/ksmbd_netlink.h",
"fs/smb/server/mgmt/share_config.c",
"fs/smb/server/transport_ipc.c"
],
"versions": [
{
"version": "1da177e4c3f4",
"lessThan": "88b7f1143b15",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "51a6c2af9d20",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "a637fabac554",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "76af689a45aa",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "a677ebd8ca2f",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/smb/server/ksmbd_netlink.h",
"fs/smb/server/mgmt/share_config.c",
"fs/smb/server/transport_ipc.c"
],
"versions": [
{
"version": "5.15.157",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.85",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.26",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.5",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd
git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896
git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300
git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c
git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac