CLSA-2024-1731933167 kernel: Fix of 36 CVEs

smb: client: fix use-after-free in smb2queryinfocompound CVE-2023-52751 - smb: client: prevent new fids from being removed by laundromat CVE-2023-52751 - cifs: fix dentry lookups in directory handle cache CVE-2023-52751 - uprobe: avoid out-of-bounds memory access of fetching args CVE-2024-50067 -...

CVE-2023-39179

A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

CVE-2023-39176

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...

UBUNTU-CVE-2023-39176

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...

The vulnerability in the implementation of the SMB protocol in Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the SMB protocol implementation in Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

PT-2024-35625

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue has been reported in the Linux kernel, specifically in the SMB client, when using SMB2.1 + sign mounts. This occurs due to a race condition between tasks A and B,...

The vulnerability in the implementation of the Server Message Block (SMBv3) network protocol on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Server Message Block SMBv3 network protocol implementation in Windows operating systems is related to a memory reclamation error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2024-43642

Windows SMB Denial of Service Vulnerability...

kernel: smb: client: guarantee refcounted children from parent session

The following vulnerability has been resolved in the Linux kernel: smb: client: Fix - Guarantee refcounted children from the parent session...

kernel: smb: client: fix potential UAF in smb2_is_network_name_deleted()

A use-after-free flaw was found in the Linux kernel in smb smb2isnetworknamedeleted when exiting a session. This flaw allows a local attacker to crash the system...

kernel: smb: client: potential use-after-free in cifs_debug_files_proc_show()

A flaw was found in the Linux kernel. The following vulnerability has been resolved: smb: client: fix potential UAF in cifsdebugfilesprocshow...

kernel: smb: client: fix potential deadlock when releasing mids

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All releasemid callers seem to hold a reference of @mid so there is no need to call krefput&mid-refcount, releasemid under @server-midlock spinlock. If they don't, then an...

Microsoft SMBv3 资源管理错误漏洞

Microsoft SMBv3 is a support firmware from Microsoft Corporation USA that provides SMB functionality for devices. A resource management error vulnerability exists in Microsoft SMBv3. An attacker exploiting this vulnerability could remotely execute code. The following products and versions are...

PT-2024-8157 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the implementation of the SMB protocol in Windows operating systems, specifically involving the use of memory after it has been freed. This can be exploited by a...

smb: client: fix UAF in async decryption

...

SUSE CVE-2024-50152

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2setea Clang static checkerscan-build warning: fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 | kfreeea; | ^ There is a double free in such case: 'ea is initializ...

DEBIAN-CVE-2024-50151

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single i...

AZL-53543 CVE-2024-50151 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single i...

UBUNTU-CVE-2024-50151

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single i...

CVE-2024-50151 smb: client: fix OOBs when building SMB2_IOCTL request

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single i...