CVE-2024-46795 ksmbd: unset the binding mark of a reused connection

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

PT-2024-12778 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel ksmbd affected versions not specified Description: A flaw was found in the handling of SMB2 READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can...

PT-2024-13198 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the parsing of extended attributes in the kernel ksmbd module, resulting from the lack of proper validation of user-supplied data. This can cause a read past the en...

PT-2024-12776 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel ksmbd module affected versions not specified Description: A flaw was found in the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of...

The vulnerability of the `ksmbddecode_ntlmssp_auth_blob()` function in the ksmbd module of Linux operating systems allows a hacker to execute arbitrary code.

The vulnerability of the ksmbddecodentlmsspauthblob function in the ksmbd module of Linux operating systems is related to the copying of buffers without checking the size of the input data during the processing of the authblob-SessionKey.Length parameter. Exploiting this vulnerability allows a...

Linux kernel security vulnerabilities

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds issue in the initsmb2rsphdr method of the ksmbd module...

ROS-20230905-01

A vulnerability in the Bluetooth permission verification subsystem of the Linux kernel is associated with errors in the processing of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands by sending specially crafted requests...

The vulnerability of the ksmbd module in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the ksmbd module in the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

PT-2023-8703 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the improper validation of session id and tree id in compound requests in the Linux kernel's ksmbd module. Specifically, the smb2 get msg function in smb2 get...

PT-2023-4694 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux Kernel ksmbd affected versions not specified Description: The issue is related to a buffer overflow in the ksmbd module of the Linux kernel, allowing a remote attacker to potentially execute arbitrary code. This is due to an out-of-boun...

PT-2023-4397 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux Kernel ksmbd affected versions not specified Description: The issue is related to a buffer out-of-bounds read in the ksmbd smb2 check message function of the Linux kernel's ksmbd module. This could allow a remote attacker to execute...

PT-2023-3667 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.10 Description: An issue in the Linux kernel's ksmbd module, specifically in fs/smb/server/smb2misc.c, does not validate the relationship between the command payload size and the RFC1002 length specification...

PT-2023-3668 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.8 Description: An issue in the Linux kernel's ksmbd module, specifically in the fs/smb/server/connection.c file, does not validate the relationship between the NetBIOS header's length field and the SMB heade...

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the ksmbd module in Linux operating systems is related to pointer arithmetic errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions by sending a specially crafted request...

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the ksmbd module in Linux operating systems is related to the improper release of resources. Exploiting this vulnerability allows a remote attacker to cause service failures using the SMB2SESSIONSETUP command...

The vulnerability of the ksmbd module in Linux operating systems allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the ksmbd module in Linux operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures using the SMB2QUERYINFO and SMB2LOGOFF command...

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to intercept an active session.

The vulnerability of the ksmbd module in Linux operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to intercept an ongoing session...

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the ksmbd module in Linux operating systems is related to the improper release of resources during TCP connection processing. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to execute arbitrary code.

The vulnerability of the ksmbd module in Linux operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the SMB2QUERYINFO and SMB2LOGOFF commands...

The vulnerability of the ksmbd module in Linux operating systems allows attackers to execute a brute-force attack.

The vulnerability of the ksmbd module in Linux operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to carry out an attack using brute-force methods...