Vulnerabilities of the functions check_session_id(), smb2_check_user_session(), smb2_sess_setup(), smb2_session_logoff(), smb3_decrypt_req(), ksmbd_session_lookup(), ksmbd_session_lookup_slowpath(), and ksmbd_get_encryption_key() in the Linux operating system kernel, allowing a hacker to cause a service failure.

The vulnerabilities of the functions checksessionid, smb2checkusersession, smb2sesssetup, smb2sessionlogoff, smb3decryptreq, ksmbdsessionlookup, ksmbdsessionlookupslowpath, and ksmbdgetencryptionkey in the Linux operating system are related to improper locking mechanisms. Exploiting these...

CVE-2023-52480 ksmbd: fix race condition between session lookup and expire

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | // UAF! |...

UBUNTU-CVE-2023-3867

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2sesssetup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first...